Methods and apparatuses for enabling an establishment of a second secure session over a communication network

ABSTRACT

This disclosure provides a method, performed in a client terminal ( 50 ), for enabling an establishment of a second secure session over a communication network. The second secure session is additional to a first secure session. The first secure session is established using a session establishment protocol and a transport security protocol. The method performed in the client terminal ( 50 ) comprises obtaining a session identifier of the first secure session; and obtaining a credential identifier, the credential identifier identifying a server terminal ( 60 ) of the first secure session. The method performed in the client terminal ( 50 ) comprises associating the credential identifier to the session identifier of the first secure session; and storing the session identifier and the credential identifier associated with the session identifier of the first secure session.

CROSS REFERENCE TO RELATED APPLICATION

This application is a 35 U.S.C. § 371 National Stage of International Application No. PCT/SE2014/050773, filed Jun. 23, 2014, designating the United States, the disclosure of which is incorporated by reference.

TECHNICAL FIELD

The present disclosure pertains to the field of secure session establishment over a communication network. More specifically, the disclosure relates to methods and terminals for enabling an establishment of a second secure session over a communication network.

BACKGROUND

Transport Layer Security, TLS, is the standard protocol defined for securing traffic based on the Transmission Control Protocol, TCP. The protocol starts with a handshake procedure whereby a client terminal and a server terminal establish a TLS session and agree on session parameters, such as a common set of security parameters (e.g. keys and ciphering algorithms). The client terminal and the server terminal then use these session parameters to protect the application data sent between the client terminal and the server terminal.

Datagram Transport Layer Security, DTLS, is a protocol based on TLS that provides the same security functionality as TLS but for traffic based on the User Datagram Protocol, UDP. An extension to DTLS has been developed, called DTLS-SRTP, which uses the established key to protect Real-time Transport Protocol, RTP, data (e.g. audio/video) by using the Secure Real-time Transport Protocol, SRTP.

TLS and DTLS-SRTP are often used to protect real-time peer-to-peer multimedia sessions established using the Session Initiation Protocol, SIP. TLS can be used to protect e.g. a session established using the Message Session Relay Protocol, MSRP, and DTLS-SRTP can be used to protect an RTP audio or video session.

TLS (as well as DTLS and DTLS-SRTP) allows a session to be resumed or duplicated using the TLS session resumption or duplication feature. A client terminal can request a session to be resumed or duplicated by including the identifier of the session at the start of the TLS handshake procedure with a server terminal. If the server terminal has stored the session parameters and agrees to resume or duplicate the session, the server terminal and the client terminal perform an abbreviated handshake procedure, after which the client terminal and the server terminal can start to exchange application data protected using the existing session parameters, such as keys. An abbreviated handshake, as opposed to a full handshake, increases performance as it involves fewer round-trips and fewer cryptographic computations. The TLS session resumption feature can be applied whenever a client terminal initiates multiple connections to the same server terminal.

To be able to use the TLS session resumption or duplication feature, the TLS client terminal must identify the session to be resumed. In client-server protocols, a session is typically identified at the client side using the IP address and port of the server host. However, this approach is not reliable, as the IP address and port of a remote terminal often change, especially in e.g. a peer-to-peer media session. The port of a remote terminal is typically an ephemeral one that is selected afresh for each new multimedia session. Additionally, the remote terminal may have multiple IP addresses which it switches between (due to e.g. cellular access and wireless local area network access). Also, the remote terminal may be behind a network address translation, NAT, which performs IP and port mapping. Therefore, it becomes increasingly important to find a solution for resumption or duplication of a secure session that solves these problems.

SUMMARY

An object of the present disclosure is to provide methods and terminals for enabling an establishment of a second secure session which seek to mitigate, alleviate, or eliminate one or more of the above-identified deficiencies in the art and disadvantages, singly or in any combination, and to provide improved methods for enabling an establishment of a second secure session, such as for resuming a secure session and/or for duplicating a secure session.

This object is obtained by a method, performed in a client terminal, for enabling an establishment of a second secure session over a communication network. The second secure session is additional to a first secure session. The first secure session is established using a session establishment protocol and a transport security protocol. The method performed in the client terminal comprises obtaining a session identifier of the first secure session; and obtaining a credential identifier, the credential identifier identifying a server terminal of the first secure session. The method performed in the client terminal comprises associating the credential identifier to the session identifier of the first secure session; and storing the session identifier and the credential identifier associated with the session identifier of the first secure session.

It is an advantage of this disclosure that a secure session is identified in a reliable way using a credential identifier, which thereby increases the likelihood of successfully resuming or duplicating a first session in changing networking scenarios. Associating a credential identifier to a session identifier is a more robust solution than existing solutions based on IP address and port. The disclosure thus overcomes the lack of reliability linked to using IP addresses and ports to identify a secure session at a client terminal, as IP addresses and ports are much more prone to frequent changes. This disclosure allows reducing the delay and processing required by the secure session establishment (e.g. the TLS handshake) even for a session with terminals having dynamic IP addresses and ports.

According to one aspect of this disclosure, the method performed in the client terminal further comprises receiving from the server terminal a message requesting or accepting the establishment of the second secure session; obtaining a credential identifier from the received message; and determining whether the obtained credential identifier matches the credential identifier associated with the session identifier of the first secure session. The method performed in the client terminal comprises retrieving the session identifier of the first secure session when it is determined that the obtained credential identifier matches the credential identifier associated with the session identifier of the first secure session. The disclosure allows an additional secure session to be reliably identified for establishment, e.g. resumption and/or duplication, regardless of the type of transport security protocol, and regardless of the type of session establishment protocol.

According to another aspect of this disclosure, the method performed in the client terminal further comprises initiating the establishment of the second secure session using the retrieved session identifier in an abbreviated establishment procedure of the transport security protocol when it is determined that the obtained credential identifier matches the credential identifier associated with the session identifier of the first secure session. The method performed in the client terminal comprises initiating the establishment of the second secure session using a full establishment procedure of the transport security protocol when it is not determined that the obtained credential identifier matches the credential identifier associated with the session identifier of the first secure session. This provides an advantage in increasing the number of opportunities where a secure session is eligible for (re-)establishment, e.g. resumption and/or duplication. This disclosure thus enables faster session establishment using an abbreviated handshake even when a terminal has changed its port and IP address.

This disclosure relates to a method, performed in a client terminal, for enabling an establishment of a second secure session over a communication network. The second secure session is additional to a first secure session. The first secure session is established using a session establishment protocol and a transport security protocol. The method performed in the client terminal comprises sending to a server terminal a message requesting or accepting the establishment of the second secure session; receiving from the server terminal the session identifier of the first secure session; and determining if the received session identifier matches the stored session identifier of the first secure session. The method comprises initiating the establishment of the second secure session using the received session identifier in an abbreviated establishment procedure of the transport security protocol when it is determined that the received session identifier matches the stored session identifier of the first secure session. The method performed in the client terminal comprises initiating the establishment of the second secure session using a full establishment procedure of the transport security protocol when it is not determined that the received session identifier matches the stored session identifier of the first secure session. This enables a client terminal to initiate a resumption or duplication of a secure session based on a session identifier received from a server terminal.

This disclosure relates to a method, performed in a server terminal, for enabling an establishment of a second secure session over a communication network. The second secure session is additional to a first secure session. The first secure session is established using a session establishment protocol and a transport security protocol. The method performed in the server terminal comprises obtaining a session identifier of the first secure session; and obtaining a credential identifier, the credential identifier identifying a client terminal of the first secure session. The method performed in the server terminal comprises associating the credential identifier to the session identifier of the first secure session; and storing the session identifier and the credential identifier associated with the session identifier of the first secure session. This disclosure allows a server terminal, as well as a client terminal, to determine the session identifier of a session to be (re-)established (e.g. resumed or duplicated) based on a credential identifier of the other party. It therefore increases the chances for a secure session to be re-established, as the server terminal is able to find the session identifier even in situations where the client terminal cannot.

According to one aspect of this disclosure, the method performed in the server terminal further comprises receiving from the client terminal a message requesting or accepting the establishment of the second secure session, obtaining a credential identifier from the received message, and determining whether the obtained credential identifier matches the credential identifier associated with the session identifier of the first secure session. The method performed in the server terminal comprises retrieving the session identifier of the first secure session when it is determined that the obtained credential identifier matches the credential identifier associated with the session identifier of the first secure session. The method performed in the server terminal comprises sending to the client terminal the retrieved session identifier of the first secure session when it is determined that the obtained credential identifier matches the credential identifier associated with the session identifier of the first secure session.

According to one aspect of this disclosure, the step of sending to the client terminal the retrieved session identifier of the first secure session may comprise sending to the client terminal the retrieved session identifier in a response to the message requesting or accepting the establishment of the second secure session. This provides to the server terminal the ability to support the client terminal by sending the session identifier to the client terminal, so that the client terminal can initiate the establishment of the second secure session, e.g. for resumption and/or duplication of the first secure session. This results in a faster secure session setup time.
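The server-assisted variant described in the preceding paragraphs (the server terminal retrieves the session identifier of the first secure session from the client's credential identifier and returns it in its response; the client terminal compares it with its stored identifier before choosing the handshake) is shown below as an added example that is not part of this disclosure. The request and response are plain dictionaries standing in for the session establishment message and its response, the fingerprint strings and session identifier are constructed, and the class and function names are the example's own. The example also covers the ways the match can fail: the client is unknown to the server, the server has evicted the session parameters, and the returned identifier differs from the one the client stored.

```python
from typing import Dict, Optional, Tuple

# Constructed credential identifiers (certificate fingerprints in the form
# used by DTLS-SRTP signalling) and a constructed 32-byte session identifier.
CLIENT_FP = "sha-256 " + ":".join(["0B", "1C", "2D", "3E"] * 8)
OTHER_FP = "sha-256 " + ":".join(["A5", "B6", "C7", "D8"] * 8)
SESSION_ID = bytes.fromhex("00112233445566778899aabbccddeeff" * 2)


class ServerTerminal:
    """Keeps, per client credential identifier, the session identifier of the
    secure session established with that client."""

    def __init__(self) -> None:
        self._sessions: Dict[str, bytes] = {}

    def first_session_established(self, client_credential_id: str, session_id: bytes) -> None:
        # Server side: associate the client's credential identifier with the
        # session identifier and store the association.
        self._sessions[client_credential_id] = session_id

    def forget(self, client_credential_id: str) -> None:
        """Server-side eviction, e.g. when the stored session parameters expire."""
        self._sessions.pop(client_credential_id, None)

    def handle_request(self, request: Dict[str, str]) -> Dict[str, str]:
        """Answer a message requesting a second secure session. When the client's
        credential identifier matches a stored session, the retrieved session
        identifier is carried in the response; otherwise it is omitted."""
        response = {"status": "200 OK"}
        credential_id = request.get("fingerprint")
        session_id = self._sessions.get(credential_id) if credential_id else None
        if session_id is not None:
            response["session-id"] = session_id.hex()
        return response


class ClientTerminal:
    """Client that sends the request and relies on the server's answer to
    identify the first secure session."""

    def __init__(self, credential_id: str) -> None:
        self.credential_id = credential_id
        self.stored_session_id: Optional[bytes] = None

    def first_session_established(self, session_id: bytes) -> None:
        self.stored_session_id = session_id

    def request_second_session(self, server: ServerTerminal) -> Tuple[str, Optional[bytes]]:
        """Send the request, compare the received session identifier with the
        stored one, and choose the handshake: abbreviated on a match, full otherwise."""
        request = {"method": "INVITE", "fingerprint": self.credential_id}
        response = server.handle_request(request)
        received_hex = response.get("session-id")
        if received_hex is None or self.stored_session_id is None:
            return "full", None
        try:
            received = bytes.fromhex(received_hex)
        except ValueError:  # malformed identifier: do not trust it, fall back
            return "full", None
        if received != self.stored_session_id:
            return "full", None
        return "abbreviated", received


def scenarios() -> Dict[str, Tuple[str, Optional[bytes]]]:
    """Run the exchange under the four conditions worth testing."""
    results = {}

    server = ServerTerminal()
    client = ClientTerminal(CLIENT_FP)
    server.first_session_established(CLIENT_FP, SESSION_ID)
    client.first_session_established(SESSION_ID)
    results["match"] = client.request_second_session(server)

    # A different client (different credential identifier): no entry at the server.
    results["unknown-client"] = ClientTerminal(OTHER_FP).request_second_session(server)

    # The server evicted the session parameters: nothing to resume.
    server.forget(CLIENT_FP)
    results["server-evicted"] = client.request_second_session(server)

    # The server still has an entry, but the client stored a different identifier.
    server.first_session_established(CLIENT_FP, SESSION_ID)
    stale = ClientTerminal(CLIENT_FP)
    stale.first_session_established(bytes(32))
    results["identifier-mismatch"] = stale.request_second_session(server)
    return results


if __name__ == "__main__":
    for name, outcome in scenarios().items():
        print(f"{name:20s} -> {outcome[0]}")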

According to one aspect of this disclosure, the credential identifier comprises a certificate fingerprint, a certificate, and/or an identifier of a pre-shared key. A certificate, a certificate fingerprint and/or an identifier of a pre-shared key provides a reliable identifier that is readily available in the transport security protocol. This disclosure takes advantage of the already deployed security infrastructure or certificate infrastructure to enable the establishment of a second secure session. This disclosure thereby provides advantages in terms of scalability.

According to one aspect of this disclosure, enabling the establishment of the second secure session comprises enabling a resumption of the first secure session, and/or enabling a duplication of the first secure session.

In one or more embodiments, the transport security protocol comprises a transport layer security (TLS) protocol, a secure sockets layer (SSL) protocol, a datagram transport layer security (DTLS) protocol, and/or a datagram transport layer security protocol with an extension for the secure real-time transport protocol (DTLS-SRTP).

In one or more embodiments, the session establishment protocol comprises a session initiation protocol (SIP), and/or an extensible messaging and presence protocol (XMPP).

This disclosure relates to a terminal configured to act as a client terminal for enabling an establishment of a second secure session over a communication network. The second secure session is additional to a first secure session. The first secure session is established using a session establishment protocol and a transport security protocol. The terminal configured to act as a client terminal comprises processing means configured to: obtain a session identifier of the first secure session, and obtain a credential identifier, the credential identifier identifying a server terminal of the first secure session. The processing means are configured to associate the credential identifier to the session identifier of the first secure session, and to store in a data storage the session identifier and the credential identifier associated with the session identifier of the first secure session. The processing means may comprise a processor and a memory, wherein the memory contains instructions executable by the processor. A client terminal according to this disclosure provides advantageous session continuity, enabling a faster and even seamless establishment of the second secure session.

According to one aspect of this disclosure, the processing means of the terminal configured to act as a client terminal is further configured to receive a message requesting or accepting the establishment of the second secure session, and to obtain a credential identifier from the received message. The processing means of the terminal configured to act as a client terminal is further configured to determine whether the obtained credential identifier matches the credential identifier associated with the session identifier of the first secure session, and to retrieve the session identifier of the first secure session when it is determined that the obtained credential identifier matches the credential identifier associated with the session identifier of the first secure session.

According to one aspect of this disclosure, the processing means of the terminal configured to act as a client terminal is further configured to initiate the establishment of the second secure session using the retrieved session identifier of the first secure session in an abbreviated establishment procedure of the transport security protocol when it is determined that the obtained credential identifier matches the credential identifier associated with the session identifier of the first secure session. The processing means of the terminal configured to act as a client terminal is further configured to initiate the establishment of the second secure session using a full establishment procedure of the transport security protocol when it is not determined that the obtained credential identifier matches the credential identifier associated with the session identifier of the first secure session.

This disclosure relates to a terminal configured to act as a client terminal for enabling an establishment of a second secure session over a communication network. The second secure session is additional to a first secure session. The first secure session is established using a session establishment protocol and a transport security protocol. The terminal configured to act as a client terminal comprises processing means configured to: send a message requesting or accepting the establishment of the second secure session; receive the session identifier of the first secure session; and determine whether the received session identifier matches the stored session identifier of the first secure session. The terminal configured to act as a client terminal comprises processing means configured to initiate the establishment of the second secure session using the received session identifier in an abbreviated establishment procedure of the transport security protocol, when it is determined that the received session identifier matches the stored session identifier of the first secure session; or initiate the establishment of the second secure session using a full establishment procedure of the transport security protocol, when it is not determined that the received session identifier matches the stored session identifier of the first secure session. The processing means may comprise a processor and a memory, wherein the memory contains instructions executable by the processor.

This disclosure relates to a terminal configured to act as a server terminal for enabling an establishment of a second secure session over a communication network. The second secure session is additional to a first secure session. The first secure session is established using a session establishment protocol and a transport security protocol. The terminal comprises processing means configured to obtain a session identifier of the first secure session, and to obtain a credential identifier, the credential identifier identifying a client terminal of the first secure session. The processing means is configured to associate the credential identifier to the session identifier of the first secure session and to store in a data storage the session identifier and the credential identifier associated with the session identifier of the first secure session. The processing means may comprise a processor and a memory, wherein the memory contains instructions executable by the processor. A server terminal according to this disclosure provides advantageous session continuity for the client terminal, which can establish a second secure session faster and even seamlessly, as a resumption or duplication of a first secure session.

According to one aspect of this disclosure, the processing means of the terminal configured to act as a server terminal is configured to receive a message requesting or accepting the establishment of the second secure session and to obtain a credential identifier from the received message. The processing means is configured to determine whether the obtained credential identifier matches the credential identifier associated with the session identifier of the first secure session, and to retrieve the session identifier of the first secure session when it is determined that the obtained credential identifier matches the credential identifier associated with the session identifier of the first secure session. The processing means may further be configured to send to the client terminal (50) the retrieved session identifier of the first secure session when it is determined that the obtained credential identifier matches the credential identifier associated with the session identifier of the first secure session.

This disclosure relates to a computer program, comprising computer readable code which, when run on a processing means of a terminal configured to act as a client terminal, causes the terminal to perform the method as disclosed herein.

This disclosure relates to a computer program, comprising computer readable code which, when run on a processing means of a terminal configured to act as a server terminal, causes the terminal to perform the method as disclosed herein.

Advantages presented for the methods performed in any of the terminals are applicable to the terminals and the computer programs.

BRIEF DESCRIPTION OF THE DRAWINGS

The foregoing will be apparent from the following more particular description of the example embodiments, as illustrated in the accompanying drawings in which like reference characters refer to the same parts throughout the different views. The drawings are not necessarily to scale, emphasis instead being placed upon illustrating the example embodiments.

FIG. 1 is a flow chart illustrating an exemplary method, performed in a client terminal, for enabling an establishment of a second secure session according to this disclosure.

FIG. 2a is a flow chart illustrating an exemplary method, performed in a client terminal, for enabling an establishment of a second secure session according to this disclosure.

FIG. 2b is a flow chart illustrating an exemplary method, performed in a client terminal, for enabling an establishment of a second secure session according to this disclosure.

FIG. 3 is a flow chart illustrating an exemplary method, performed in a server terminal, for enabling an establishment of a second secure session according to this disclosure.

FIG. 4 is a flow chart illustrating an exemplary method, performed in a server terminal, for enabling an establishment of a second secure session according to this disclosure.

FIG. 5a is a block diagram illustrating an exemplary terminal configured to act as a client terminal for enabling an establishment of a second secure session over a communication network according to this disclosure.

FIG. 5b is a block diagram illustrating another exemplary terminal configured to act as a client terminal for enabling an establishment of a second secure session over a communication network according to this disclosure.

FIG. 6 is a block diagram illustrating an exemplary terminal configured to act as a server terminal for enabling an establishment of a second secure session over a communication network according to this disclosure.

FIG. 7 is a signaling diagram illustrating an exemplary exchange of messages for establishing a second secure session according to this disclosure in an embodiment of a communication network.

FIG. 8 is a signaling diagram illustrating another exemplary exchange of messages for establishing a second secure session according to this disclosure in an embodiment of a communication network.

FIG. 9 is a system diagram illustrating an exemplary communication network, an exemplary client terminal and an exemplary server terminal according to this disclosure.

DETAILED DESCRIPTION

Aspects of the present disclosure will be described more fully hereinafter with reference to the accompanying drawings. The apparatuses and methods disclosed herein can, however, be realized in many different forms and should not be construed as being limited to the aspects set forth herein. Like numbers in the drawings refer to like elements throughout.

The terminology used herein is for the purpose of describing particular aspects of the disclosure only, and is not intended to limit the invention. As used herein, the singular forms “a”, “an” and “the” are intended to include the plural forms as well, unless the context clearly indicates otherwise.

Some of the example embodiments presented herein are directed towards enabling an establishment of a second secure session, such as resuming or duplicating a first secure session.

The general object or idea of embodiments of the present disclosure is to address at least one or some of the disadvantages of the prior art solutions described above. The various steps described below in connection with the figures should be primarily understood in a logical sense, while each step may involve the communication of one or more specific messages depending on the implementation and protocols used.

The general idea is to reliably identify a first secure session in order to enable an establishment of a second secure session. This disclosure proposes to use a credential identifier for this purpose, since a credential identifier is a reliable identifier for enabling an establishment of a second secure session and therefore overcomes the drawbacks mentioned earlier. This disclosure allows a client terminal to use a received credential identifier to look up whether there is existing session information containing the credential identifier, in order to establish the secure session again.

Embodiments of the present disclosure relate, in general, to the field of secure session establishment over a communication network or a communication system.

In this disclosure, the term “terminal” refers to a device that has communication capabilities, memory and computational capabilities. A terminal may be a device comprising a universal integrated circuit card configured to communicate. A terminal is for example a user equipment, a network node, and/or a relay node. A terminal is for example a mobile terminal, or a fixed terminal. A terminal is for example a device with Internet/intranet access, a web browser, an organizer, a calendar, a camera (e.g., video and/or still image camera), a sound recorder (e.g., a microphone), and/or a global positioning system, GPS, receiver; a personal communications system (PCS) user equipment that may combine a cellular radiotelephone with data processing; a personal digital assistant, PDA, that can include a radiotelephone or wireless communication system; a laptop; a camera (e.g., video and/or still image camera) having communication ability; and/or any other computation or communication device capable of transceiving, such as a personal computer, a home entertainment system, a television, etc. A terminal configured to act as a client terminal refers herein to a terminal configured to act as a client of the transport security protocol, such as a TLS client terminal. The term “client terminal” may be used to refer to a terminal configured to act as a client terminal. A server terminal refers herein to a terminal configured to act as a server of the transport security protocol, such as a TLS server terminal. The term “server terminal” may be used to refer to a terminal configured to act as a server terminal. The client-server characteristic describes the relationship of cooperating programs in an application. A server terminal provides a function or service to one or more client terminals, which initiate requests for such services. A client terminal and a server terminal exchange messages in a request-response messaging pattern: the client terminal sends e.g. a request, and the server terminal returns e.g. a response. A client terminal and a server terminal may both be a user equipment. For example, a client terminal and a server terminal are peers in a peer-to-peer system. Alternatively, a client terminal is a user equipment while a server terminal is a network node. Although the resumption feature and the duplication feature are typically used for client-server protocols such as the Hypertext Transfer Protocol, HTTP, they also apply to peer-to-peer communications, such as in the following scenarios:

-   Two peer devices are in an instant messaging session using MSRP/TLS/TCP and one of the peer devices initiates a file transfer to the other peer device using a second MSRP/TLS/TCP connection.
-   Two peer devices are in an instant messaging session using MSRP/TLS/TCP and a connection failure occurs which requires the MSRP/TLS/TCP connection to be re-established.
-   Two peer devices are in a voice session using SRTP/UDP with DTLS-SRTP as the key management protocol, and decide to add video to the session. This requires a second DTLS-SRTP handshake to be performed between the peer devices.

As used herein, the term “session” refers to an information exchange between two or more communicating terminals, such as a message exchange. A session is set up or established at a certain point in time using a session establishment protocol. A session is terminated at a later point in time. A session is e.g. implemented as part of a protocol and/or a service at the application layer, at the session layer and/or at the transport layer in the OSI model. An application layer session is e.g. an HTTP session or a telnet remote login session. A session layer session is for example a Session Initiation Protocol, SIP, based call such as a phone call, a video call, and/or a multimedia call. A transport layer session is e.g. a TCP session, which can be referred to as a TCP virtual circuit, a TCP connection, or an established TCP socket, or a TLS session. A session is identified by a session identifier. A session identifier is a piece of data that is used in communications with another terminal to identify a session. A session identifier may be a unique identifier and/or a uniquely derived identifier. A session is secure if the session is established using a security protocol to e.g. authenticate the end-parties, to protect the confidentiality and the integrity of the messages exchanged in the session, and/or to protect against replay attacks. A secure session is established using a transport security protocol such as TLS, DTLS, or DTLS-SRTP.

FIG. 1 shows a flow chart illustrating an exemplary method 100, performed in a client terminal 50, for enabling an establishment of a second secure session according to this disclosure. The method 100 is performed in a terminal configured to act as a client terminal 50 for enabling an establishment of a second secure session over a communication network. The method 100 is e.g. for identifying a resumable and/or duplicable secure session. The communication network comprises a wired communication network, and/or a wireless communication network. Enabling an establishment of a second secure session over a communication network comprises enabling a resumption of the first secure session, and/or enabling a duplication of the first secure session. For example, enabling an establishment of a second secure session over a communication network comprises enabling a continuation of the first secure session, enabling a reproduction of the first secure session, enabling a reopening of the first secure session, and/or enabling a restoration of the first secure session. The second secure session is additional to a first secure session. For example, the second secure session is additional to an existing secure session. The second secure session is enabled to be established after the first secure session is established, either as a resumption of the first secure session or as a duplicate of the first secure session. The first secure session is established using a session establishment protocol and a transport security protocol. Enabling an establishment of a second secure session comprises enabling the establishment of the second secure session using a session establishment protocol and/or a transport security protocol. The second secure session is established subsequently to a first secure session. The second secure session and the first secure session may take place in parallel. Alternatively, the second secure session may take place after the first secure session has closed.

The first secure session is established using a session establishment protocol and a transport security protocol. The establishment of the first secure session results in a session identifier of the first secure session stored at the client terminal 50. In a first step S1, a client terminal 50 obtains a session identifier of the first secure session. The step of obtaining S1 a session identifier of the first secure session comprises deriving the session identifier, retrieving the session identifier from a remote or local data storage, and/or receiving the session identifier.

In a next step S2, the client terminal 50 obtains a credential identifier, the credential identifier identifying a server terminal 60 of the first secure session. Obtaining S2 a credential identifier comprises receiving a message from e.g. a server terminal, the message comprising the credential identifier of the server terminal. The establishment of the first secure session with the server terminal 60 results in a credential identifier of the server terminal 60 being received at the client terminal 50. At the end of the establishment of the first secure session, the client terminal 50 stores the credential identifier of the server terminal 60 and/or the credential of the server terminal 60. As used herein, the term “credential” refers to cryptographic material that contributes to establishing an identity of a party to a session. A credential comprises a security credential. A credential can be self-issued or issued by a trusted third party. A credential is for example a certificate, a cryptographic key, a biometric and/or a password. A credential is identified with a credential identifier. A credential identifier uniquely identifies a credential. A credential identifier comprises a security credential identifier. A credential identifier may comprise a certificate fingerprint, a certificate, and/or an identifier of a pre-shared key. A certificate is uniquely identified with a certificate fingerprint. A certificate fingerprint is e.g. a secure one-way hash of the DER, distinguished encoding rules, form of the certificate. A certificate fingerprint is for example an X.509 certificate fingerprint. The transport security protocol comprises a transport layer security, TLS, protocol, a secure sockets layer, SSL, protocol, a datagram transport layer security, DTLS, protocol, and/or a datagram transport layer security protocol with an extension for secure real-time transport protocol, DTLS-SRTP. For example, in a TLS session, parties to the session indicate their identities by presenting authentication certificates (e.g. X.509 certificates) or pre-shared key identifiers as part of the TLS handshake procedure.

According to some aspects of this disclosure, the session establishment protocol comprises a session initiation protocol, SIP, and/or an extensible messaging and presence protocol, XMPP. In order to verify the origin and ensure the confidentiality and integrity of a media stream carried in a session, terminals may provide a certificate fingerprint. If the certificate presented for the TLS connection matches the certificate fingerprint presented in the Session Description Protocol, SDP, message, the receiving terminal can be confident that the origin of the message is indeed the initiator of the connection. A certificate fingerprint is for example represented in SDP as an attribute (an ‘a’ line). It consists of the name of the hash function used, followed by the hash value itself. The fingerprint attribute may be either a session-level or a media-level SDP attribute. If it is a session-level attribute, it applies to all TLS sessions for which no media-level fingerprint attribute is defined.
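The SDP fingerprint handling described above, as an added example that is not part of this disclosure: it parses `a=fingerprint:` attributes with the session-level/media-level precedence rule, computes the fingerprint of a DER-encoded certificate in the same notation, and checks the certificate presented in the TLS handshake against the signalled value. The hash-name table, the `SAMPLE_CERT_DER` byte string (a constructed stand-in, not a real certificate) and the sample SDP body are assumptions made for the example.

```python
import hashlib
import hmac
import re

# Hash-function names as used in the SDP fingerprint attribute, mapped to
# the hashlib constructor names (assumed table for this example).
_SDP_HASH_TO_HASHLIB = {
    "sha-1": "sha1",
    "sha-224": "sha224",
    "sha-256": "sha256",
    "sha-384": "sha384",
    "sha-512": "sha512",
}

# a=fingerprint:<hash-func> <hex pairs separated by colons>
_FINGERPRINT_RE = re.compile(
    r"^a=fingerprint:(?P<alg>[A-Za-z0-9-]+)\s+"
    r"(?P<hex>[0-9A-Fa-f]{2}(?::[0-9A-Fa-f]{2})+)\s*$"
)

# Constructed byte string standing in for a DER-encoded certificate; it is
# not a real certificate, only input for the hash.
SAMPLE_CERT_DER = b"\x30\x03\x02\x01\x05constructed-not-a-real-certificate"


def parse_fingerprints(sdp):
    """Return (session_level, media_level) fingerprints from an SDP body.

    session_level is (hash_name, hex_digest) or None.  media_level maps the
    0-based index of each m= section to the fingerprint declared inside it.
    """
    session_level = None
    media_level = {}
    media_index = -1  # -1: still in the session-level part of the SDP
    for raw in sdp.splitlines():
        line = raw.strip()
        if line.startswith("m="):
            media_index += 1
            continue
        m = _FINGERPRINT_RE.match(line)
        if m is None:
            continue
        fp = (m.group("alg").lower(), m.group("hex").upper())
        if media_index < 0:
            session_level = fp
        else:
            media_level[media_index] = fp
    return session_level, media_level


def fingerprint_for_media(sdp, media_index):
    """Precedence rule: a media-level attribute wins; otherwise the
    session-level attribute applies to every m= section without its own."""
    session_level, media_level = parse_fingerprints(sdp)
    return media_level.get(media_index, session_level)


def certificate_fingerprint(der_bytes, sdp_hash_name):
    """Fingerprint of a DER certificate in SDP notation (upper-case hex
    pairs separated by colons)."""
    digest = hashlib.new(_SDP_HASH_TO_HASHLIB[sdp_hash_name], der_bytes).digest()
    return ":".join(f"{b:02X}" for b in digest)


def presented_certificate_matches(der_bytes, sdp, media_index=0):
    """True when the certificate presented in the TLS handshake matches the
    fingerprint signalled in SDP for that media section."""
    signalled = fingerprint_for_media(sdp, media_index)
    if signalled is None:
        return False  # nothing signalled: the certificate cannot be bound
    alg, expected_hex = signalled
    if alg not in _SDP_HASH_TO_HASHLIB:
        return False  # unsupported hash function: treat as no match
    actual_hex = certificate_fingerprint(der_bytes, alg)
    return hmac.compare_digest(actual_hex, expected_hex)


def sample_sdp():
    """Constructed SDP offer: the session-level fingerprint matches the
    sample certificate, while the second m= section declares its own
    fingerprint that does not (as if a different certificate were used for
    that stream)."""
    real = certificate_fingerprint(SAMPLE_CERT_DER, "sha-256")
    other = ":".join(["00"] * 32)
    return "\r\n".join([
        "v=0",
        "o=- 1 1 IN IP4 192.0.2.1",
        "s=-",
        "t=0 0",
        f"a=fingerprint:sha-256 {real}",
        "m=audio 49170 UDP/TLS/RTP/SAVP 0",
        "m=video 49172 UDP/TLS/RTP/SAVP 96",
        f"a=fingerprint:sha-256 {other}",
    ])
```

With `sample_sdp()`, the audio section (index 0) inherits the session-level fingerprint and verifies against `SAMPLE_CERT_DER`, while the video section (index 1) carries its own attribute and does not. The comparison uses `hmac.compare_digest` so that the match check does not leak timing information about the expected value.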

In step S3, the client terminal 50 associates the credential identifier to the session identifier of the first secure session. For example, the client terminal 50 links the credential identifier to the session identifier for the first session with a pointer or in a table. Associating the credential identifier to the session identifier for each session enables a possible and faster (re-)establishment, resumption, restoration and/or duplication of each session when needed.

In step S4, the client terminal 50 stores the session identifier and the credential identifier associated with the session identifier of the first secure session. The client terminal 50 stores in a local or remote data storage a data pair comprising the session identifier and the credential identifier for the first secure session. The session identifier identifies the first secure session and the credential identifier identifies the party to the session, i.e. the server terminal 60. The client terminal 50 binds together the session identifier with the identity of the server terminal involved in the first secure session. The client terminal 50 stores for example the pair (session ID, credential ID) in a cache of a memory, such as a TLS session cache. It can be considered that the session identifier is indexed by the credential identifier, and vice versa. It can be considered that the session information, such as session parameters, is indexed by the credential identifier. The client terminal 50 may also store the credential. Storing the credential may be necessary when there is more than one way of deriving the credential identifier, e.g. using different hash algorithms.

In an illustrative example where the disclosed technique is applied, a certificate fingerprint is used as a credential identifier to identify a resumable and/or duplicable Transport Layer Security, TLS, session, and therefore to enable an establishment of a second secure session. To establish a first TLS secured session, a TLS Handshake Protocol is performed allowing a server terminal 60 and a client terminal 50 to authenticate each other and to negotiate an encryption algorithm and cryptographic keys before the application protocol transmits or receives a first byte of data. When a first TLS session is established between a TLS client terminal 50 and a TLS server terminal 60, the TLS client terminal 50 stores the certificate fingerprint of the TLS server terminal 60 along with the session information. When the TLS client terminal 50 establishes an additional end-to-end connection with the same TLS server terminal 60, this disclosure allows the TLS client terminal 50 to use the certificate fingerprint received in the session setup signaling to look up whether there is existing TLS session information containing the certificate fingerprint. If matching existing TLS session information is found by the TLS client terminal 50, the TLS client terminal 50 extracts the session identifier from the TLS session information. The TLS client terminal 50 includes the session identifier in a message of a TLS abbreviated handshake to resume or duplicate the existing TLS session. Additionally or alternatively, this disclosure allows a TLS server terminal 60 to use the certificate fingerprint received in the session setup signaling for looking up a TLS session to resume or duplicate. If such a secure session is found, the TLS server terminal 60 extracts the session identifier of the found secure session and includes the session identifier in a session signaling response to the TLS client terminal 50, which in turn may initiate an abbreviated TLS handshake to resume or duplicate the secure session.

FIG. 2a shows a flow chart illustrating an exemplary method 200a, performed in a client terminal 50, for enabling an establishment of a second secure session according to this disclosure. The steps of the disclosed method 200a are consecutive to method 100 and optional.

In step S5 of method 200a, the client terminal 50 receives from the server terminal 60 a message 701 requesting or accepting the establishment of the second secure session. In an exemplary embodiment, the credential identifier is received in the session setup signaling (e.g. SIP) and is associated with the secure session information (e.g. TLS session information). Message 701 is for example a SIP message (e.g. SIP INVITE, SIP 200 OK) comprising a credential identifier. The SIP message indicates with an attribute which party to the session is to act as client terminal and server terminal in e.g. a TLS session. An attribute “a=setup-active” indicates that the sending party initiates the TCP connection, and therefore also acts as the TLS client terminal. An attribute “a=setup-passive” indicates that the sending party acts as the TLS server terminal. A terminal acting as a TLS client identifies the TLS session to establish (e.g. resume and/or duplicate) using the remote terminal's credential identifier, such as a certificate fingerprint.

In step S6, the client terminal 50 obtains a credential identifier from the received message. Obtaining S6 a credential identifier comprises e.g. obtaining from a received message a credential identifier of the server terminal 60, i.e. the sender of the received message. The client terminal 50 for example extracts the credential identifier (e.g. a certificate fingerprint) of the sender of the message, i.e. the server terminal 60. The client terminal 50 for example extracts the credential identifier from an SDP offer of a received SIP message (e.g. SIP INVITE, SIP 200 OK).

In step S7, the client terminal 50 determines whether the obtained credential identifier matches the credential identifier associated with the session identifier of the first secure session. The client terminal 50 determines whether the obtained credential identifier matches the stored credential identifier of the first secure session. The client terminal 50 performs e.g. a search, through e.g. the session cache, for a credential identifier matching the obtained credential identifier.

When it is determined that the obtained credential identifier matches the credential identifier associated with the session identifier of the first secure session, the client terminal 50 retrieves in step S8 the session identifier of the first secure session, and initiates in step S9 the establishment of the second secure session using the retrieved session identifier in an abbreviated establishment procedure of the transport security protocol. If the client terminal 50 finds the matching credential identifier in the stored session information, the client terminal 50 attempts to retrieve, from e.g. the session cache, the session identifier corresponding to the obtained credential identifier. The client terminal 50 performs an abbreviated handshake of the transport security protocol such as TLS. The client terminal 50 sends to the server terminal 60 a message comprising the retrieved session identifier to initiate the abbreviated handshake. If the server terminal 60 finds the received session identifier in its session cache, the server terminal 60 proceeds with the abbreviated handshake procedure. If the server terminal 60 does not find the received session identifier in its session cache (due to e.g. a session timeout), the server terminal 60 requests to proceed with a full handshake procedure and a new secure session is created.

When it is not determined that the obtained credential identifier matches the credential identifier associated with the session identifier of the first secure session, the client terminal 50 initiates in step S10 the establishment of the second secure session using a full establishment procedure of the transport security protocol. If the client terminal 50 does not find the matching credential identifier in the stored session information, the client terminal 50 initiates a full handshake and a new secure session is created.
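The client-side procedure of steps S3/S4 and S5 to S10, as an added example that is not part of this disclosure: a client cache indexed by the server's credential identifier, the lookup that decides between an abbreviated and a full handshake, the server-side session cache whose timeout forces a full handshake even after a client-side hit, and the caveat from step S4 that keeping the credential itself lets a fingerprint computed with a different hash algorithm still be matched. The class and function names, the constructed `SAMPLE_SERVER_DER` bytes (not a real certificate) and the 600-second lifetime are assumptions made for the example.

```python
import hashlib
import hmac
import secrets


def der_fingerprint(der_bytes, hash_name):
    """Credential identifier of a certificate: hex digest of its DER form."""
    return hashlib.new(hash_name, der_bytes).hexdigest().upper()


class ClientSessionCache:
    """Session information indexed by the server's credential identifier
    (steps S3/S4).  Besides the session identifier, each entry keeps the
    server certificate itself, so a fingerprint that signalling computed
    with a different hash algorithm can still be matched (step S7)."""

    def __init__(self):
        self._entries = {}  # (hash_name, fingerprint_hex) -> entry

    def store(self, session_id, server_der, hash_name="sha256"):
        key = (hash_name, der_fingerprint(server_der, hash_name))
        self._entries[key] = {"session_id": session_id, "server_der": server_der}

    def lookup(self, hash_name, fingerprint_hex):
        wanted = fingerprint_hex.upper()
        entry = self._entries.get((hash_name, wanted))
        if entry is not None:
            return entry["session_id"]
        # No entry under this algorithm: re-derive the identifier from the
        # stored credential before giving up.
        for entry in self._entries.values():
            rederived = der_fingerprint(entry["server_der"], hash_name)
            if hmac.compare_digest(rederived, wanted):
                return entry["session_id"]
        return None


class ServerSessionCache:
    """Server-side cache of resumable session identifiers with a lifetime;
    an expired or unknown identifier forces a full handshake."""

    def __init__(self, lifetime_s):
        self.lifetime_s = lifetime_s
        self._expiry = {}  # session_id -> expiry time

    def add(self, session_id, now):
        self._expiry[session_id] = now + self.lifetime_s

    def knows(self, session_id, now):
        expiry = self._expiry.get(session_id)
        return expiry is not None and now < expiry


def choose_handshake(client_cache, server_cache, hash_name, signalled_fp, now):
    """Steps S7-S10 on the client, then the server's reaction to the session
    identifier sent in the abbreviated handshake.  Returns the handshake
    that is actually performed: 'abbreviated' or 'full'."""
    session_id = client_cache.lookup(hash_name, signalled_fp)
    if session_id is None:
        return "full"  # S10: no stored session for this credential
    # S8/S9: the client offers the retrieved session identifier.
    if server_cache.knows(session_id, now):
        return "abbreviated"
    return "full"  # server no longer holds the session (e.g. timeout)


# Constructed bytes standing in for the server's DER certificate.
SAMPLE_SERVER_DER = b"\x30\x03\x02\x01\x07constructed-not-a-real-certificate"


def run_scenario():
    """Constructed walk-through: one established session, four later
    session setups with different signalled fingerprints."""
    client = ClientSessionCache()
    server = ServerSessionCache(lifetime_s=600)
    t0 = 1_000_000.0
    session_id = secrets.token_hex(16)
    client.store(session_id, SAMPLE_SERVER_DER, "sha256")  # first session
    server.add(session_id, t0)
    fp_sha256 = der_fingerprint(SAMPLE_SERVER_DER, "sha256")
    fp_sha1 = der_fingerprint(SAMPLE_SERVER_DER, "sha1")
    fp_unknown = "00" * 32
    return {
        "same_hash": choose_handshake(client, server, "sha256", fp_sha256, t0 + 10),
        "other_hash": choose_handshake(client, server, "sha1", fp_sha1, t0 + 10),
        "unknown_peer": choose_handshake(client, server, "sha256", fp_unknown, t0 + 10),
        "after_timeout": choose_handshake(client, server, "sha256", fp_sha256, t0 + 601),
    }
```

`run_scenario()` yields an abbreviated handshake for the stored fingerprint and for the same certificate signalled under SHA-1 (matched by re-deriving from the stored credential), and a full handshake both for an unknown fingerprint and when the server's cache entry has expired.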

In one or more embodiments, the method comprises associating a credential identifier with a session ticket, as defined in existing standards. Session tickets contain the session information in encrypted form and are sent together with the session identifier at the start of an abbreviated TLS handshake. This reduces the need for the TLS server to keep per-client session state.

FIG. 2b is a flow chart illustrating an exemplary method 200b, performed in a client terminal. The method 200b for enabling an establishment of a second secure session illustrated in FIG. 2b takes place in a client terminal 51 when a server terminal 60 is the party that determines the session identifier for the second secure session to be established. The second secure session is additional to a first secure session. The first secure session is established between the client terminal 51 and the server terminal 60 using a session establishment protocol and a transport security protocol. The client terminal 51 sends to a server terminal 60 in step S20 a message 801 requesting or accepting the establishment of the second secure session. Message 801 comprises a credential identifier of the client terminal 51. For example, the client terminal 51 sends a SIP message (e.g. SIP INVITE, SIP 200 OK, SIP ACK) comprising its credential identifier to the server terminal 60. The client terminal indicates in the SIP message that it acts as a client terminal in the transport security protocol. The server terminal 60 receiving the SIP message comprising the credential identifier of the client terminal 51 determines whether the received credential identifier matches a credential identifier associated with the session identifier of an already existing first secure session. When it is determined by the server terminal 60 that the received credential identifier matches the credential identifier associated with the session identifier of an already existing first secure session, the server terminal 60 retrieves the session identifier associated with the matching credential identifier and sends it in a response (e.g. SIP 200 OK or SIP ACK) to the client terminal 51. In step S21, the client terminal 51 receives from the server terminal 60 the session identifier of the first secure session. For example, the client terminal 51 receives the session identifier of the first secure session in a response 802 (e.g. a SIP 200 OK or SIP ACK) to the message requesting or accepting the establishment of the second secure session. The client terminal 51 for example extracts the session identifier from the received message 802. In step S22, the client terminal 51 determines if the received session identifier matches the stored session identifier of the first secure session. The client terminal 51 performs for example a search through its session cache to find a stored session identifier matching the received session identifier. The client terminal 51 initiates in step S23 the establishment of the second secure session using the received session identifier in an abbreviated establishment procedure of the transport security protocol, when it is determined by the client terminal 51 that the received session identifier matches the stored session identifier of the first secure session. The client terminal 51 performs an abbreviated handshake of the transport security protocol such as TLS. The client terminal 51 sends to the server terminal 60 a message comprising the retrieved session identifier to initiate the abbreviated handshake.

In step S24, the client terminal 51 initiates the establishment of the second secure session using a full establishment procedure of the transport security protocol, when it is not determined that the received session identifier matches the stored session identifier of the first secure session. If the client terminal 51 does not find the received session identifier in the session cache (due to e.g. a session timeout), the client terminal 51 proceeds with a full handshake procedure and a new secure session is created. Optionally, the client terminal 51 may perform any of the steps of method 100 and/or any of the steps of method 200a. Method 200b may comprise any of the steps of method 100 and/or any of the steps of method 200a, preferably after performing the steps of method 200b.

FIG. 3 shows a flow chart illustrating an exemplary method 300, performed in a server terminal 60, for enabling an establishment of a second secure session according to this disclosure. The method 300 is performed in a terminal configured to act as a server terminal 60 for enabling an establishment of a second secure session over a communication network. Enabling an establishment of a second secure session over a communication network comprises enabling a resumption of a first secure session, and/or enabling a duplication of a first secure session. The first secure session is established between the server terminal 60 and a client terminal 50, 51 using a session establishment protocol and a transport security protocol. In other words, enabling an establishment of a second secure session over a communication network comprises enabling a continuation of the first secure session, enabling a reproduction of the first secure session, enabling a reopening of the first secure session, and/or enabling a restoration of the first secure session. The method 300 is e.g. for identifying a resumable or duplicable secure session. The establishment of the first secure session results in a session identifier of the first secure session stored at the server terminal 60.

In a first step S11, the server terminal 60 obtains a session identifier of the first secure session. The step S11 of obtaining a session identifier of the first secure session comprises deriving the session identifier, retrieving the session identifier from a remote or local data storage, and/or receiving the session identifier through an interface of the server terminal. Receiving the session identifier through an interface of the server terminal comprises e.g. receiving the session identifier from a client terminal.

In a step S12, the server terminal 60 obtains a credential identifier, the credential identifier identifying a client terminal 50, 51 of the first secure session. Obtaining S12 a credential identifier comprises receiving a message from e.g. a client terminal, the message comprising the credential identifier of the client terminal. The establishment of the first secure session with the server terminal 60 results in a credential identifier of the client terminal 50, 51 being received at the server terminal 60. At the end of the establishment of the first secure session, the server terminal stores the credential identifier and the credential of the client terminal. The step of obtaining S12 a credential identifier comprises receiving the credential identifier from a client terminal.

In a step S13, the server terminal 60 associates the credential identifier to the session identifier of the first secure session. For example, the server terminal 60 links the credential identifier to the session identifier for the first session with a pointer or in a table. Associating the credential identifier to the session identifier for each session enables a possible and faster (re-)establishment, resumption, restoration or duplication of each session when needed.

In a step S14, the server terminal 60 stores the session identifier and the credential identifier associated with the session identifier of the first secure session. The server terminal 60 stores in a local or remote data storage a data pair comprising the session identifier and the credential identifier for the first secure session. The session identifier identifies the first secure session and the credential identifier identifies the party to the session, i.e. the client terminal 50, 51. The server terminal 60 binds together the session identifier with the identity of the client terminal involved in the first secure session. For example, a TLS server terminal 60 stores the certificate fingerprint of the TLS client terminal 50 with the session information. The server terminal 60 stores for example the pair (session ID, credential ID) in a cache of a memory, such as a TLS session cache. It can be considered that the session identifier is indexed by the credential identifier, and vice versa. The server terminal 60 may also store the credential. Storing the credential may be necessary when there is more than one way of deriving the credential identifier, e.g. using different hash algorithms.

FIG. 4 shows a flow chart illustrating an exemplary method 400, performed in a server terminal 60, for enabling an establishment of a second secure session according to this disclosure. The steps illustrated in FIG. 4 are consecutive to the steps of method 300 and optional. The method 400 for enabling an establishment of a second secure session illustrated in FIG. 4 takes place in a server terminal 60 when for example a server terminal 60 is the party that can determine the session identifier for the second secure session to be established.

In a step S15, the server terminal 60 receives from the client terminal 50, 51 a message 801 requesting or accepting the establishment of the second secure session. The message requesting or accepting the establishment of the second secure session comprises a credential identifier of the client terminal 50, 51. In an exemplary embodiment, the credential identifier is received in the session setup signaling (e.g. SIP) and is associated with the secure session information (e.g. TLS session information). Message 801 is for example a SIP message (e.g. SIP INVITE, SIP 200 OK, SIP ACK) comprising a credential identifier of the client terminal. The SIP message indicates with an attribute which party to the session is to act as client terminal and server terminal in a session, e.g. a TLS session. An attribute “a=setup-passive” indicates that the sending party is not to initiate the TCP connection, and therefore also acts as the TLS server terminal. A terminal acting as a TLS server identifies the TLS session to establish (e.g. resume and/or duplicate) using the remote terminal's credential identifier, such as a certificate fingerprint of the TLS client.

In a step S16, the server terminal 60 obtains a credential identifier from the received message. Obtaining S16 a credential identifier comprises e.g. obtaining a credential identifier of a sender of the received message. The server terminal 60 for example extracts the credential identifier (e.g. the certificate fingerprint) of the sender of the message, i.e. the client terminal 50. The server terminal 60 for example extracts the credential identifier from an SDP offer of a received SIP message (e.g. SIP INVITE, SIP 200 OK, SIP ACK).

In step S17, the server terminal 60 determines whether the obtained credential identifier matches the credential identifier associated with the session identifier of the first secure session. The server terminal 60 determines whether the obtained credential identifier matches the stored credential identifier of the first secure session. The server terminal 60 performs e.g. a search, through e.g. the session cache, for a credential identifier matching the obtained credential identifier.

When it is determined that the obtained credential identifier matches the credential identifier associated with the session identifier of the first secure session, the server terminal 60 retrieves in step S18 the session identifier of the first secure session, and sends in step S19 to the client terminal 50, 51 the retrieved session identifier of the first secure session. If the server terminal 60 finds the matching credential identifier in the stored session information, the server terminal 60 attempts to retrieve, from e.g. the session cache, the session identifier corresponding to the obtained credential identifier. The server terminal 60 sends the retrieved session identifier to the client terminal 50, 51, which in turn initiates an abbreviated handshake of the transport security protocol such as TLS. For example, the server terminal 60 sends to the client terminal 50, 51 in step S19 the retrieved session identifier in a response 802 to the message 801 requesting or accepting the establishment of the second secure session, such as a SIP 200 OK response or a SIP ACK.

When it is not determined that the obtained credential identifier matches a credential identifier associated with the session identifier of the first secure session, the server terminal 60 exits the method 400 and waits for the client terminal to initiate a full establishment procedure.
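The server-determined flow of method 400 (steps S15 to S19) together with the client side of method 200b (steps S20 to S24), as an added example that is not part of this disclosure: the server binds each client fingerprint to a session identifier, answers a signalling offer with that identifier when the fingerprint is known and without it otherwise, and the client accepts the received identifier for an abbreviated handshake only if it still holds that identifier and it is bound to the answering server's own fingerprint, falling back to a full handshake in every other case. The dictionary-shaped offer and answer, the names used, and the constructed fingerprints (`"AA" * 32` and the like, not real certificate hashes) are assumptions made for the example; the answer is assumed to carry the server's fingerprint as the SDP exchange above does.

```python
import hmac
import secrets


class ServerSessionStore:
    """Server-side table binding each client's credential identifier to the
    session identifier of the secure session established with it (steps
    S13/S14); queried in steps S17/S18."""

    def __init__(self):
        self._by_client_fp = {}

    def bind(self, client_fp, session_id):
        self._by_client_fp[client_fp.upper()] = session_id

    def session_for(self, client_fp):
        return self._by_client_fp.get(client_fp.upper())


def server_answer_offer(store, offer, own_fp):
    """Steps S15-S19 on the server: build the answer (e.g. SIP 200 OK) to
    the client's offer.  A known client fingerprint yields an answer that
    carries the session identifier of the earlier session; an unknown one
    yields an answer without it, and the server then waits for a full
    handshake."""
    session_id = store.session_for(offer["client_fingerprint"])
    answer = {"status": "200 OK", "server_fingerprint": own_fp}
    if session_id is not None:
        answer["session_id"] = session_id
    return answer


def client_handle_answer(client_sessions, answer):
    """Steps S21-S24 on the client.  client_sessions maps each stored
    session identifier to the server fingerprint it was established with.
    The received identifier is used for an abbreviated handshake only if
    the client still holds it and it is bound to the answering server's
    credential; otherwise a full handshake is started."""
    received = answer.get("session_id")
    if received is None:
        return "full", None
    bound_fp = client_sessions.get(received)
    if bound_fp is None:
        return "full", None  # e.g. dropped from the client cache on timeout
    if not hmac.compare_digest(bound_fp, answer.get("server_fingerprint", "")):
        return "full", None  # identifier not bound to this server's credential
    return "abbreviated", received


def run_exchange():
    """Constructed exchange between one client and one server."""
    store = ServerSessionStore()
    client_fp = "AA" * 32  # constructed client certificate fingerprint
    server_fp = "BB" * 32  # constructed server certificate fingerprint
    session_id = secrets.token_hex(16)
    store.bind(client_fp, session_id)          # first session, server side
    client_sessions = {session_id: server_fp}  # first session, client side
    results = {}

    # Known client, identifier still held on both sides.
    answer = server_answer_offer(store, {"client_fingerprint": client_fp}, server_fp)
    results["known_client"] = client_handle_answer(client_sessions, answer)[0]

    # Client fingerprint the server has no session for.
    answer = server_answer_offer(store, {"client_fingerprint": "CC" * 32}, server_fp)
    results["unknown_client_has_id"] = "session_id" in answer
    results["unknown_client"] = client_handle_answer(client_sessions, answer)[0]

    # Client has meanwhile dropped the session (e.g. timeout).
    answer = server_answer_offer(store, {"client_fingerprint": client_fp}, server_fp)
    results["client_cache_expired"] = client_handle_answer({}, answer)[0]

    # Identifier arrives together with a different server credential.
    answer = server_answer_offer(store, {"client_fingerprint": client_fp}, "DD" * 32)
    results["other_server_credential"] = client_handle_answer(client_sessions, answer)[0]
    return results
```

Only the first case of `run_exchange()` ends in an abbreviated handshake; the other three fall back to the full establishment procedure, which is the behaviour steps S24 and the server's exit from method 400 prescribe.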

FIG. 5a shows a block diagram illustrating an exemplary terminal 50 configured to act as a client terminal for enabling an establishment of a second secure session over a communication network according to this disclosure. The terminal 50 is configured to act as client terminal, such as a TLS client terminal. The client terminal 50 is configured to enable an establishment of a second secure session over a communication network. The second secure session is additional and/or consecutive to a first secure session, the first secure session being established using a session establishment protocol and a transport security protocol. The terminal 50 comprises processing means 501 configured to obtain a session identifier of the first secure session. Therefore the processing means 501 may comprise an obtain session identifier module 505. The processing means 501 is configured to obtain a credential identifier, the credential identifier identifying a server terminal 60 of the first secure session. Hence the processing means 501 comprises e.g. an obtain credential identifier module 506 configured to obtain a credential identifier. The processing means 501 is configured to associate the credential identifier to the session identifier of the first secure session. Hence the processing means 501 comprises e.g. an associating module 507 configured to associate the credential identifier to the session identifier of the first secure session. The processing means 501 is configured to store in a data storage the session identifier and the credential identifier associated with the session identifier of the first secure session. Hence the processing means 501 may comprise a memory 503 to store the session identifier and the credential identifier associated with the session identifier of the first secure session. The processing means 501 is for example configured to receive a message requesting or accepting the establishment of the second secure session. Hence the processing means 501 may comprise an interface 504 configured to receive a message requesting or accepting the establishment of the second secure session, such as a message from the server terminal 60. The interface 504 is configured for wired communication and/or for wireless communication. The processing means 501 is for example configured to obtain a credential identifier from the received message. For example, the obtain credential identifier module 506 is configured to obtain a credential identifier from the received message. The processing means 501 is for example configured to determine whether the obtained credential identifier matches the credential identifier associated with the session identifier of the first secure session. Hence the processing means 501 may comprise a determiner 508 to determine whether the obtained credential identifier matches the credential identifier associated with the session identifier of the first secure session. The processing means 501 is for example configured to retrieve the session identifier of the first secure session when it is determined that the obtained credential identifier matches the credential identifier associated with the session identifier of the first secure session. Hence the processing means 501 may comprise a retriever 509 configured to retrieve the session identifier of the first secure session. The processing means 501 is configured to initiate the establishment of the second secure session using the retrieved session identifier of the first secure session in an abbreviated establishment procedure of the transport security protocol when it is determined that the obtained credential identifier matches the credential identifier associated with the session identifier of the first secure session. The processing means 501 is configured to initiate the establishment of the second secure session using a full establishment procedure of the transport security protocol when it is not determined that the obtained credential identifier matches the credential identifier associated with the session identifier of the first secure session. Therefore, the processing means 501 may comprise an initiator 510 adapted to initiate a full handshake or an abbreviated handshake of a transport security protocol.

In one or more embodiments, the terminal 50 configured to act as client terminal for enabling an establishment of a second secure session over a communication network is configured to obtain a session identifier of the first secure session. Therefore the terminal 50 may comprise an obtain session identifier module 505. The terminal 50 is configured to obtain a credential identifier, the credential identifier identifying a server terminal 60 of the first secure session. Hence the terminal 50 comprises e.g. an obtain credential identifier module 506 configured to obtain a credential identifier. The terminal 50 is configured to associate the credential identifier to the session identifier of the first secure session. Hence the terminal 50 comprises e.g. an associating module 507 configured to associate the credential identifier to the session identifier of the first secure session. The terminal 50 is configured to store in a data storage the session identifier and the credential identifier associated with the session identifier of the first secure session. Hence the terminal 50 may comprise a memory 503 to store the session identifier and the credential identifier associated with the session identifier of the first secure session. The terminal 50 is for example configured to receive a message requesting or accepting the establishment of the second secure session. Hence the terminal 50 may comprise an interface 504 configured to receive a message requesting the establishment of the second secure session. The interface 504 is configured for wired communication and/or for wireless communication. The terminal 50 is for example configured to obtain a credential identifier from the received message. For example, the obtain credential identifier module 506 is configured to obtain a credential identifier from the received message. The terminal 50 is for example configured to determine whether the obtained credential identifier matches the credential identifier associated with the session identifier of the first secure session. Hence the terminal 50 may comprise a determiner 508 to determine whether the obtained credential identifier matches the credential identifier associated with the session identifier of the first secure session. The terminal 50 is for example configured to retrieve the session identifier of the first secure session when it is determined that the obtained credential identifier matches the credential identifier associated with the session identifier of the first secure session. Hence the terminal 50 may comprise a retriever 509 configured to retrieve the session identifier of the first secure session.

In one or more embodiments, the processing means comprise a processor 502 and a memory 503 wherein the memory 503 contains instructions executable by the processor 502. The processor 502 may be constituted by any suitable Central Processing Unit, CPU, microcontroller, Digital Signal Processor, DSP, etc. capable of executing computer program code. According to some aspects, the disclosure relates to a client terminal comprising a processor 301 and a memory, said memory containing instructions executable by said processor, to execute the method disclosed herein. The memory 503 may be any suitable type of computer readable memory and may be of volatile and/or non-volatile type. The processor 502 is for example configured to obtain a session identifier of the first secure session. The processor 502 comprises e.g. an obtain session identifier module 505. The processor 502 is configured to obtain a credential identifier, the credential identifier identifying a server terminal 60 of the first secure session. Hence processor 502 comprises e.g. an obtain credential identifier module 506. The processor 502 is configured to associate the credential identifier to the session identifier of the first secure session. Hence the processor 502 comprises e.g. an associating module 507. The processor 502 is configured to store in a data storage the session identifier and the credential identifier associated with the session identifier of the first secure session. Hence the processor 502 comprises e.g. a memory 503 to store the session identifier and the credential identifier associated with the session identifier of the first secure session. The processor 502 is for example configured to receive a message requesting or accepting the establishment of the second secure session. Hence the processor 502 may comprise an interface 504 configured to receive a message requesting or accepting the establishment of the second secure session. The processor 502 is for example configured to obtain a credential identifier from the received message. The processor 502 is for example configured to determine whether the obtained credential identifier matches the credential identifier associated with the session identifier of the first secure session. Hence processor 502 may comprise a determiner 508 to determine whether the obtained credential identifier matches the credential identifier associated with the session identifier of the first secure session. The processor 502 is for example configured to retrieve the session identifier of the first secure session when it is determined that the obtained credential identifier matches the credential identifier associated with the session identifier of the first secure session. Hence the processor 502 may comprise a retriever 509 configured to retrieve the session identifier of the first secure session. The processor 502 is configured to initiate the establishment of the second secure session using the retrieved session identifier of the first secure session in an abbreviated establishment procedure of the transport security protocol when it is determined that the obtained credential identifier matches the credential identifier associated with the session identifier of the first secure session. The processor 502 is configured to initiate the establishment of the second secure session using a full establishment procedure of the transport security protocol when it is not determined that the obtained credential identifier matches the credential identifier associated with the session identifier of the first secure session. Therefore, the processor 502 may comprise an initiator 510 adapted to initiate a full handshake or an abbreviated handshake of a transport security protocol.

FIG. 5b shows a block diagram illustrating an exemplary terminal 51 configured to act as a client terminal for enabling an establishment of a second secure session over a communication network according to this disclosure. FIG. 5b shows a block diagram illustrating an exemplary client terminal 51 when a server terminal 60 is the party that can determine the session identifier for the second secure session to be initiated by the client terminal 51. The client terminal 51 comprises processing means 511 configured to send to a server terminal 60 a message 801 requesting or accepting the establishment of the second secure session, and to receive from the server terminal 60 the session identifier of the first secure session. Hence the processing means 511 comprises e.g. an interface 514 for sending and receiving messages. The processing means 511 is further configured to determine if the received session identifier matches the stored session identifier of the first secure session. Hence a determiner 515 is further configured to determine if the received session identifier matches the stored session identifier of the first secure session. The processing means 511 is further configured to initiate the establishment of the second secure session using the received session identifier in an abbreviated establishment procedure of the transport security protocol, when it is determined that the received session identifier matches the stored session identifier of the first secure session. Hence, if the determiner 515 determines that the received session identifier matches the stored session identifier of the first secure session, the initiator 516 may initiate an abbreviated establishment procedure of the transport security protocol, such as an abbreviated handshake. If the determiner 515 does not determine that the received session identifier matches the stored session identifier of the first secure session, the initiator 516 initiates the establishment of the second secure session using a full establishment procedure of the transport security protocol. Optionally, the client terminal 51 may be configured to perform any of the steps of method 100 and/or method 200a. Therefore, the terminal 51 may further comprise an obtain session ID module, an obtain credential ID module, an associating module, and/or a retriever module.

In one or more embodiments, the processing means 511 comprise a processor 512 and a memory 513. The processor 512 is further configured to send a message 801 requesting or accepting the establishment of the second secure session; and to receive the session identifier of the first secure session via interface 514. The processor 512 is further configured to determine if the received session identifier matches the stored session identifier of the first secure session. Hence, the processor 512 comprises e.g. a determiner 515. The processor 512 is further configured to initiate the establishment of the second secure session using the received session identifier in an abbreviated establishment procedure of the transport security protocol, when it is determined that the received session identifier matches the stored session identifier of the first secure session. Hence, the processor 512 comprises e.g. an initiator 516. Additionally, the processor 512 may further comprise an obtain session ID module, an obtain credential ID module, an associating module, and/or a retriever module.

In one or more embodiments, the client terminal 50, 51 is a TLS client terminal comprising a SIP client and a TLS module. The SIP client of terminal 50, 51 sends the credential identifier of the TLS server (e.g. a certificate fingerprint of the TLS server) to the TLS module. The TLS module checks if a TLS session associated with the credential identifier exists in the TLS session cache, and if that is the case it attempts to establish (e.g. resume and/or duplicate) that session. Otherwise the TLS module creates a new session and stores it in the session cache together with the newly obtained credential.

FIG. 6 shows a block diagram illustrating an exemplary terminal 60 configured to act as a server terminal 60 for enabling an establishment of a second secure session over a communication network according to this disclosure. The terminal 60 is configured to act as server terminal, such as a TLS server terminal. The server terminal 60 is configured to enable an establishment of a second secure session over a communication network. The second secure session is additional or consecutive to a first secure session, the first secure session being established using a session establishment protocol and a transport security protocol. The terminal 60 comprises processing means 601 configured to obtain a session identifier of the first secure session. Therefore the processing means 601 may comprise an obtain session identifier module 605. The processing means 601 is configured to obtain a credential identifier, the credential identifier identifying a server terminal 60 of the first secure session. Hence the processing means 601 may comprise an obtain credential identifier module 606 configured to obtain a credential identifier. The processing means 601 is configured to associate the credential identifier to the session identifier of the first secure session. Hence the processing means 601 may comprise an associating module 607 configured to associate the credential identifier to the session identifier of the first secure session. The processing means 601 is configured to store in a data storage the session identifier and the credential identifier associated with the session identifier of the first secure session. Hence the processing means 601 may comprise a memory 603 to store the session identifier and the credential identifier associated with the session identifier of the first secure session. The processing means 601 is for example configured to receive a message requesting or accepting the establishment of the second secure session. Hence the processing means 601 may comprise an interface 604 configured to receive a message requesting or accepting the establishment of the second secure session, such as a message from a client terminal 50, 51. The interface 604 is configured for wired communication and/or for wireless communication. The processing means 601 is for example configured to obtain a credential identifier from the received message. The processing means 601 is for example configured to determine whether the obtained credential identifier matches the credential identifier associated with the session identifier of the first secure session. Hence the processing means 601 comprises e.g. a determiner 608 to determine whether the obtained credential identifier matches the credential identifier associated with the session identifier of the first secure session. The processing means 601 is for example configured to retrieve the session identifier of the first secure session when it is determined that the obtained credential identifier matches the credential identifier associated with the session identifier of the first secure session. Hence the processing means 601 comprises e.g. a retriever 609 configured to retrieve the session identifier of the first secure session. The processing means 601 is e.g. further configured to send to the client terminal 50 the retrieved session identifier of the first secure session when it is determined that the obtained credential identifier matches the credential identifier associated with the session identifier of the first secure session. The interface 604 is e.g. further configured to send the retrieved session identifier of the first secure session.

In one or more embodiments, the terminal 60 configured to act as a server terminal is configured to obtain a session identifier of the first secure session. Therefore the terminal 60 may comprise an obtain session identifier module 605. The terminal 60 is configured to obtain a credential identifier, the credential identifier identifying a client terminal 50, 51 of the first secure session. Hence the terminal 60 may comprise an obtain credential identifier module 606 configured to obtain a credential identifier. The terminal 60 is configured to associate the credential identifier to the session identifier of the first secure session. Hence the terminal 60 may comprise an associating module 607 configured to associate the credential identifier to the session identifier of the first secure session. The terminal 60 is configured to store in a data storage the session identifier and the credential identifier associated with the session identifier of the first secure session. Hence the terminal 60 may comprise a memory 603 to store the session identifier and the credential identifier associated with the session identifier of the first secure session. The terminal 60 is for example configured to receive a message requesting or accepting the establishment of the second secure session. Hence the terminal 60 may comprise an interface 604 configured to receive a message requesting or accepting the establishment of the second secure session, such as a message 801 from the client terminal 50, 51. The interface 604 is configured for wired communication and/or for wireless communication. The terminal 60 is for example configured to obtain a credential identifier from the received message. The terminal 60 is for example configured to determine whether the obtained credential identifier matches the credential identifier associated with the session identifier of the first secure session. Hence the terminal 60 comprises e.g. a determiner 608 to determine whether the obtained credential identifier matches the credential identifier associated with the session identifier of the first secure session. The terminal 60 is for example configured to retrieve the session identifier of the first secure session when it is determined that the obtained credential identifier matches the credential identifier associated with the session identifier of the first secure session. Hence the terminal 60 comprises e.g. a retriever 609 configured to retrieve the session identifier of the first secure session. The terminal 60 is e.g. further configured to send to the client terminal 50 the retrieved session identifier of the first secure session when it is determined that the obtained credential identifier matches the credential identifier associated with the session identifier of the first secure session. The interface 604 is e.g. further configured to send the retrieved session identifier of the first secure session.

In one or more embodiments, the processing means comprise a processor 602 and a memory 603 wherein the memory 603 contains instructions executable by the processor 602. The processor 602 may be constituted by any suitable Central Processing Unit, CPU, microcontroller, Digital Signal Processor, DSP, field programmable gate array, FPGA, application specific integrated circuit, ASIC, or any other form of processor capable of executing computer program code. According to some aspects, the disclosure relates to a client terminal comprising a processor 301 and a memory, said memory containing instructions executable by said processor, to execute the method disclosed herein. The memory 603 may be configured to store received or transmitted data and/or executable program instructions. The memory 603 may be any suitable type of computer readable memory and may be of volatile and/or non-volatile type. The processor 602 is for example configured to obtain a session identifier of the first secure session. The processor 602 comprises e.g. an obtain session identifier module 605. The processor 602 is configured to obtain a credential identifier, the credential identifier identifying a client terminal 50, 51 of the first secure session. Hence processor 602 comprises e.g. an obtain credential identifier module 606. The processor 602 is configured to associate the credential identifier to the session identifier of the first secure session. Hence the processor 602 comprises e.g. an associating module 607. The processor 602 is configured to store in a data storage the session identifier and the credential identifier associated with the session identifier of the first secure session. Hence the processor 602 comprises e.g. a memory 603 to store the session identifier and the credential identifier associated with the session identifier of the first secure session. The processor 602 is for example configured to receive a message requesting or accepting the establishment of the second secure session. Hence the processor 602 may comprise an interface 604 configured to receive a message requesting or accepting the establishment of the second secure session, such as a message 801 from the client terminal 50, 51. The processor 602 is for example configured to obtain a credential identifier from the received message. The processor 602 is for example configured to determine whether the obtained credential identifier matches the credential identifier associated with the session identifier of the first secure session. Hence processor 602 may comprise a determiner 608 to determine whether the obtained credential identifier matches the credential identifier associated with the session identifier of the first secure session. The processor 602 is for example configured to retrieve the session identifier of the first secure session when it is determined that the obtained credential identifier matches the credential identifier associated with the session identifier of the first secure session. Hence the processor 602 may comprise a retriever 609 configured to retrieve the session identifier of the first secure session.

In one or more embodiments, the server terminal 60 is a TLS server terminal comprising a SIP client and a TLS module. The SIP client of terminal 60 sends the credential identifier of the TLS client (e.g. a certificate fingerprint of the TLS client) to the TLS module. The TLS module checks if a TLS session associated with the credential identifier exists in the TLS session cache, and if that is the case it returns the TLS session identifier to the SIP client, which includes it in the SIP message sent to the TLS client terminal 50. Once the client terminal 50 initiates the TLS handshake, the SIP client in the TLS server terminal 60 extracts the TLS session identifier and sends it to the TLS module, which attempts to proceed with the requested establishment, resumption and/or duplication of the session. If no TLS session corresponding to the received session identifier is found, a new session is created with a full handshake. The TLS server terminal 60 stores a new session in the session cache together with the credential (e.g. certificate) of the TLS client.

FIG. 7 shows a signaling diagram illustrating an exemplary exchange of messages for establishing a second secure session according to this disclosure in an embodiment of a communication network. The signaling diagram shows a client terminal 50 and a server terminal 60. The server terminal 60 sends a message 701 requesting or accepting establishment of a second secure session to the client terminal 50, the second secure session being additional and/or consecutive to a first secure session. The message 701 comprises a credential identifier of the server terminal 60. For example, the server terminal 60 sends to the client terminal 50 a signaling message to establish a media session. For example, the server terminal 60 sends a SIP INVITE to the client terminal 50 to establish a TLS protected session, such as a fax transmission. The SIP INVITE comprises a credential identifier of the server terminal 60, such as an identifier of a certificate, such as a certificate fingerprint of the server terminal 60. The signaling diagram is similar in case of an outgoing call, and if DTLS or DTLS-SRTP is used as a transport security protocol to protect the media. If the client terminal 50 agrees to establish the second secure session, the client terminal 50 sends back to the server terminal a response 702. The response 702 comprises for example an indication that the client terminal 50 is to act or continue to act as a client terminal in the initiation phase of the transport security protocol. For example, the client terminal 50 responds with a SIP 200 OK comprising an SDP answer and an attribute “a=setup-active” indicating to the server terminal 60 that the client terminal 50 is to initiate the TCP connection, and, as a consequence, that it acts as a TLS client terminal in the TLS handshake. The client terminal 50 receiving the message 701 extracts the credential identifier of the server terminal from message 701. The client terminal 50 determines whether the extracted credential identifier matches a credential identifier associated with the session identifier of an earlier established session, such as the first secure session. For example, the client terminal 50 determines if the received credential identifier corresponds to a credential identifier stored in the TLS session cache with a session identifier of an earlier established session. When it is determined that the received credential identifier matches the credential identifier associated with the session identifier of the earlier established session, such as the first secure session, the client terminal 50 retrieves the session identifier of the earlier established session and initiates, using the retrieved session identifier, an abbreviated establishment procedure of the transport security protocol with message 703. When it is not determined that the received credential identifier matches the credential identifier associated with the session identifier of the earlier established session, such as the first secure session, the client terminal 50 performs a full establishment procedure of the transport security protocol. For example, the client terminal 50 attempts to resume or duplicate a secure session by including the TLS session identifier in the initial TLS handshake message. If the server terminal 60 does not agree to resume or duplicate the secure session, or if no associated TLS session identifier was found at the client terminal 50, then a full TLS handshake is performed and a new TLS session is created. The client terminal 50 stores the new session information in the session cache together with the credential or the credential identifier, such as the certificate or certificate fingerprint of the TLS server terminal. Storing the certificate instead of the certificate fingerprint is necessary when there is more than one way of calculating the certificate fingerprint, e.g. using different hash algorithms.

In one or more embodiments, the message 701 and the message 702 traverse one or more intermediate nodes 70. According to an aspect of the disclosure, the one or more intermediate nodes insert a media gateway that encrypts and decrypts the media by replacing the credential identifier of the server terminal 60 with the credential identifier of the intermediate node. This results in the second secure session being established between the client terminal 50 and the intermediate node 70, and another secure session being established between the intermediate node 70 and the server terminal 60. In such a scenario, the intermediate node 70 acts as a server terminal in the transport security protocol for the second secure session towards the client terminal 50 and acts as a client terminal in the transport security protocol for the other secure session towards the server terminal 60. For example, the SIP INVITE and SIP 200 OK traverse one or more signaling proxies on their way to the other endpoint. Each of these proxies may insert a media gateway that encrypts and decrypts the media (for example, to perform transcoding) by replacing the certificate fingerprint and possibly the (IP, port) pair in the message with the certificate fingerprint and possibly the (IP, port) pair of the media gateway. The TLS connections are thus established e.g. between the client terminal 50 and the media gateway and between the media gateway and the server terminal 60. In other words, two or more separate sessions are established where the signaling proxy or media gateway takes the role of client terminal when it interacts with a server terminal and takes the role of a server terminal when it interacts with the client terminal. The intermediate node 70 when acting as a client terminal is configured to obtain a session identifier of the first secure session between node 70 and the server terminal 60, and to obtain a credential identifier, the credential identifier identifying a server terminal 60 of the first secure session. The intermediate node 70 acting as a client terminal is configured to associate the credential identifier to the session identifier of the first secure session, and to store the session identifier and the credential identifier associated with the session identifier of the first secure session. The intermediate node 70 acting as a client terminal is configured to receive a message requesting or accepting the establishment of the second secure session, and to obtain a credential identifier from the received message. The intermediate node 70 acting as a client terminal is configured to determine whether the obtained credential identifier matches the credential identifier associated with the session identifier of the first secure session, and to retrieve the session identifier of the first secure session, when it is determined that the obtained credential identifier matches the credential identifier associated with the session identifier of the first secure session. The intermediate node 70 acting as a client terminal is configured to initiate the establishment of the second secure session using the retrieved session identifier in an abbreviated establishment procedure of the transport security protocol, when it is determined that the obtained credential identifier matches the credential identifier associated with the session identifier of the first secure session. The intermediate node 70 acting as a client terminal is configured to initiate the establishment of the second secure session using a full establishment procedure of the transport security protocol, when it is not determined that the obtained credential identifier matches the credential identifier associated with the session identifier of the first secure session. The intermediate node 70 when acting as a server terminal is configured to obtain a session identifier of the first secure session between node 70 and client terminal 51, and to obtain a credential identifier, the credential identifier identifying a client terminal 51 of the first secure session. The intermediate node 70 acting as a server terminal is configured to associate the credential identifier to the session identifier of the first secure session; and to store the session identifier and the credential identifier associated with the session identifier of the first secure session. The intermediate node 70 acting as a server terminal is configured to receive a message 801 requesting or accepting the establishment of the second secure session; and to obtain a credential identifier from the received message. The intermediate node 70 acting as a server terminal is configured to determine whether the obtained credential identifier matches the credential identifier associated with the session identifier of the first secure session, and to retrieve the session identifier of the first secure session, when it is determined that the obtained credential identifier matches the credential identifier associated with the session identifier of the first secure session. The intermediate node 70 acting as a server terminal is configured to send to the client terminal 50 the retrieved session identifier of the first secure session, when it is determined that the obtained credential identifier matches the credential identifier associated with the session identifier of the first session.

FIG. 8 shows a signaling diagram illustrating another exemplary exchange of messages for establishing a second secure session according to this disclosure in an embodiment of a communication network. The signaling diagram shows a client terminal 51 and a server terminal 60. FIG. 8 illustrates one or more embodiments where the server terminal 60 instead of the client terminal 51 determines and retrieves the session identifier for the second secure session to be established, resumed and/or duplicated, by the client terminal 51. For example, a terminal acting as a TLS server identifies the resumable/duplicable TLS session instead of the terminal acting as a TLS client. The difference with the one or more embodiments illustrated in FIG. 7 lies in the party performing the identification using the remote party's credential identifier. The client terminal 51 sends a message 801 requesting or accepting establishment of a second secure session to the server terminal 60, the second secure session being additional and/or consecutive to a first secure session. The message 801 comprises a credential identifier of the client terminal 51. For example, the client terminal 51 sends a signaling message (e.g. a SIP INVITE) to establish a media session (e.g. a TLS protected fax transmission). The server terminal 60 receiving the message 801 extracts the credential identifier from the message 801. The server terminal 60 determines if the received credential identifier corresponds to a stored credential identifier of a first secure session. For example, the server terminal 60 extracts a certificate fingerprint from an SDP offer of a SIP INVITE and attempts to retrieve an associated TLS session identifier from the TLS session cache. When it is determined by the server terminal 60 or by the processing means 601 that the obtained credential identifier matches the credential identifier associated with the session identifier of the first secure session, the server terminal 60 or the processing means 601 retrieve the session identifier. The server terminal 60 accepts the session and sends the retrieved session identifier of the first secure session to the client terminal 51 in a signaling response 802. For example, if a TLS session is found by the TLS server, the TLS server sends the TLS session identifier to the remote party, i.e. the client terminal 51, in the session setup signaling (e.g. SIP). The TLS session identifier is e.g. inserted in the SDP answer. For example, a terminal accepts the call and responds with a SIP 200 OK containing the SDP answer with an attribute “a=setup-passive” indicating that the terminal is to listen for incoming TCP connections and, as a consequence, is to act as the TLS server in the TLS handshake. The client terminal 51 receives the session identifier of the first secure session in e.g. the response 802. For example, the client terminal 51 receives a SIP 200 OK response and checks if an SDP answer of the SIP 200 OK response comprises a session identifier. The client terminal 51 determines if the received session identifier matches a stored session identifier of the first secure session. The client terminal 51 initiates the establishment of the second secure session using the received session identifier in an abbreviated establishment procedure of the transport security protocol, when it is determined by the client terminal 51 that the received session identifier matches the stored session identifier of the first secure session. To initiate the abbreviated establishment procedure, the client terminal 51 sends a message 803 initiating the abbreviated establishment procedure. When it is not determined by the client terminal 51 that the received session identifier matches the stored session identifier of the first secure session, the client terminal 51 initiates the establishment of the second secure session using a full establishment procedure of the transport security protocol. For example, the client terminal 51 receives a SIP 200 OK response and determines if the SDP answer of the SIP 200 OK response contains a TLS session identifier. The client terminal 51 determines if the TLS session identifier received matches a TLS session identifier stored in its TLS cache. If the client terminal 51 determines that the TLS session identifier received matches a TLS session identifier stored in its TLS cache, then the TLS client attempts to establish, resume and/or duplicate the second TLS session by including the session identifier of the first TLS session in the initial handshake message. If the TLS server does not agree to resume the session, or if no existing TLS session was found due to a timeout of the session identified by the session identifier received, then a full TLS handshake is performed and a new TLS session is created. The TLS server stores the new session information in the session cache together with the credential identifier (e.g. certificate and/or certificate fingerprint) of the TLS client. Storing the certificate instead of the certificate fingerprint may be necessary when there is more than one way of calculating the certificate fingerprint, e.g. using different hash algorithms. Due to the way the TLS handshake protocol is designed, only the TLS client can request a TLS session to be re-established, resumed or duplicated. Therefore the TLS server has to send the TLS session identifier via the session setup signaling to the TLS client. The signaling message 802 comprises e.g. an additional attribute indicating the session identifier (e.g. a=tls-session-id=<session id value> in case of SIP). Indicating the session identifier in the session setup signaling is independent of the type of credential identifier used. If a terminal can be identified from the session setup signaling in some other way, then the server can still indicate the TLS session identifier in the session setup signaling. For example, if a terminal uses a TLS-PSK cipher suite, which is based on pre-shared keys instead of certificates, then a PSK identifier can be used as a credential identifier for the terminal instead of e.g. certificate fingerprints.
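The following Python code is an added example, not code from the disclosure, implementing the lookups described for FIG. 7 (the client matching the server's certificate fingerprint against its session cache) and FIG. 8 (the server matching the client's fingerprint and indicating the session identifier in the SDP answer). It also covers the two caveats the text raises: the cache stores the peer certificate rather than one fingerprint so that a fingerprint computed with a different hash algorithm still matches, and the client falls back to a full handshake when the indicated session is no longer in its own cache. The certificates, session identifiers and the a=tls-session-id attribute syntax are constructed placeholders; the a=fingerprint and a=setup attribute forms follow RFC 4572 and RFC 4145.

```python
import hashlib
from typing import Dict, Optional, Tuple

# Hash functions the cache can compute fingerprints with. Storing the peer
# certificate (not a single fingerprint) lets a remote party that fingerprints
# with a different algorithm still be matched, the point made in the text.
HASH_FUNCS = {"sha-1": "sha1", "sha-256": "sha256", "sha-512": "sha512"}


def fingerprint(cert_der: bytes, hash_name: str) -> str:
    """Fingerprint of a (DER) certificate as colon-separated upper-case hex."""
    digest = hashlib.new(HASH_FUNCS[hash_name], cert_der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


class TlsSessionCache:
    """Session cache keyed by session id, storing the peer's certificate with it."""

    def __init__(self) -> None:
        self._sessions: Dict[bytes, bytes] = {}  # session id -> peer cert (DER)

    def store(self, session_id: bytes, peer_cert_der: bytes) -> None:
        self._sessions[session_id] = peer_cert_der

    def has_session(self, session_id: bytes) -> bool:
        return session_id in self._sessions

    def lookup_by_credential(self, hash_name: str, fp: str) -> Optional[bytes]:
        """Return the session id whose stored certificate has fingerprint fp."""
        if hash_name not in HASH_FUNCS:
            return None
        for sid, cert in self._sessions.items():
            if fingerprint(cert, hash_name) == fp.upper():
                return sid
        return None


def parse_sdp_attrs(sdp: str) -> Dict[str, str]:
    """Map 'a=' attribute names to values. Accepts both 'a=name:value' (RFC 4566)
    and the 'a=name=value' form the disclosure uses for a=tls-session-id."""
    attrs: Dict[str, str] = {}
    for line in sdp.splitlines():
        if not line.startswith("a="):
            continue
        body = line[2:]
        seps = [i for i in (body.find(":"), body.find("=")) if i >= 0]
        if seps:
            cut = min(seps)
            attrs.setdefault(body[:cut], body[cut + 1:])
        else:
            attrs.setdefault(body, "")
    return attrs


def _credential_from(attrs: Dict[str, str]) -> Optional[Tuple[str, str]]:
    """Split 'a=fingerprint:<hash> <hex>' into (hash name, fingerprint)."""
    fp_attr = attrs.get("fingerprint")
    if not fp_attr or " " not in fp_attr:
        return None
    hash_name, fp = fp_attr.split(" ", 1)
    return hash_name.lower(), fp


def client_decide_handshake(cache: TlsSessionCache, sdp_offer: str) -> Tuple[str, Optional[bytes]]:
    """FIG. 7 case: the TLS client looks up the server's credential identifier
    from the signalling and chooses an abbreviated or a full handshake."""
    cred = _credential_from(parse_sdp_attrs(sdp_offer))
    sid = cache.lookup_by_credential(*cred) if cred else None
    return ("abbreviated", sid) if sid else ("full", None)


def server_build_sdp_answer(cache: TlsSessionCache, sdp_offer: str) -> str:
    """FIG. 8 case: the TLS server looks up the client's credential identifier
    and, if a session is cached, indicates its id in the SDP answer."""
    cred = _credential_from(parse_sdp_attrs(sdp_offer))
    sid = cache.lookup_by_credential(*cred) if cred else None
    lines = ["v=0", "a=setup:passive"]
    if sid:
        lines.append("a=tls-session-id=" + sid.hex())
    return "\r\n".join(lines) + "\r\n"


def client_handle_sdp_answer(cache: TlsSessionCache, sdp_answer: str) -> Tuple[str, Optional[bytes]]:
    """FIG. 8 case, client side: resume only if the indicated session id is still
    in the client's own cache (it may have timed out); otherwise full handshake."""
    sid_hex = parse_sdp_attrs(sdp_answer).get("tls-session-id")
    if not sid_hex:
        return ("full", None)
    try:
        sid = bytes.fromhex(sid_hex)
    except ValueError:
        return ("full", None)
    return ("abbreviated", sid) if cache.has_session(sid) else ("full", None)


if __name__ == "__main__":
    # Constructed sample data: not a real certificate or session id.
    server_cert = b"constructed DER bytes of the server certificate"
    first_sid = bytes(range(16))
    cache = TlsSessionCache()
    cache.store(first_sid, server_cert)
    offer = "v=0\r\na=setup:active\r\na=fingerprint:sha-256 " + fingerprint(server_cert, "sha-256") + "\r\n"
    print(client_decide_handshake(cache, offer))
```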

In one or more embodiments, the message 801 and the message 802 traverseone or more intermediate nodes 70. The one or more intermediate nodesperform for example the role of a media gateway that encrypts anddecrypts the method by replacing the credential identifier of the serverterminal 60 with the credential identifier of intermediate node. Thisresults in the second secure session being established between theclient terminal 51 and the intermediate node 70, and another securesession being established between the intermediate node 70 and theserver terminal 60. In such a scenario, the intermediate node 70 acts asa server terminal in the transport security protocol for the secondsecure session towards the client terminal 51 and acts a client terminalin the transport security protocol for the other secure session towardsthe server terminal 60. For example, the SIP INVITE and SIP 200 OKtraverse one or more signaling proxies on the way to the other endpoint.Each of these proxies can decide to insert a media gateway that encryptsand decrypts the media (for example, to perform transcoding) byreplacing the certificate fingerprint and possibly (IP address, port)pair of the received message with the certificate fingerprint andpossibly (IP address, port) of the media gateway. The TLS connectionsare thus established between the client terminal 51 and the mediagateway and between the media gateway and the server terminal 60. Inother words, two separate session establishments are established wherethe signaling proxy or media gateway takes the role of client terminal51 when it interacts with server terminal 60 and as server terminal 60when it interacts with the client terminal 51. 
The intermediate node 70 configured to act as a client terminal 51 comprises processing means configured to: send to a server terminal a message requesting or accepting the establishment of the second secure session; receive from the server terminal the session identifier of the first secure session; and determine whether the received session identifier matches the stored session identifier of the first secure session. The intermediate node 70 configured to act as a client terminal 51 further comprises processing means configured to initiate the establishment of the second secure session using the received session identifier in an abbreviated establishment procedure of the transport security protocol, when the received session identifier matches the stored session identifier of the first secure session; or to initiate the establishment of the second secure session using a full establishment procedure of the transport security protocol, when the received session identifier does not match the stored session identifier of the first secure session.
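The exchange described in the preceding paragraphs, as an added worked example that is not part of the patent or of any implementation it describes. It models the server side (claims 1 and 10: bind the peer's credential identifier to the session identifier of the first secure session, and return that session identifier only on a credential match), the client side (claims 9 and 15: abbreviated handshake only when the returned session identifier equals the stored one, full handshake otherwise), both credential identifier types named in the text (certificate fingerprint and PSK identifier), and the media gateway case, in which an intermediate node replaces both endpoints' fingerprints with its own. The message field names "fingerprint" and "session_id", the certificate and PSK bytes, the extra "stranger" scenario and the outcome strings are constructed stand-ins; no real SIP/SDP or TLS messages are parsed or produced.

```python
"""Second-session setup driven by stored (credential identifier, session identifier) pairs.

Added example; not code from the patent or from any product. Field names, certificate
bytes and PSK identities below are constructed stand-ins.
"""
import hashlib
import hmac
import secrets


def cert_fingerprint(cert_der: bytes) -> str:
    """Credential identifier for a certificate-based peer: SHA-256 over the DER encoding."""
    return "sha-256:" + hashlib.sha256(cert_der).hexdigest()


def psk_identifier(identity: bytes) -> str:
    """Credential identifier for a TLS-PSK peer: the PSK identity, no certificate involved."""
    return "psk:" + identity.hex()


class Server:
    """Server terminal: binds each peer's credential identifier to the session identifier
    of the first secure session and returns it in the setup response on a match."""

    def __init__(self, credential_id: str):
        self.credential_id = credential_id
        self.sessions = {}  # peer credential identifier -> session identifier

    def complete_first_session(self, peer_credential_id: str) -> str:
        # The full handshake of the first session has finished; store the binding.
        session_id = secrets.token_hex(32)
        self.sessions[peer_credential_id] = session_id
        return session_id

    def handle_setup_request(self, request: dict) -> dict:
        # Setup signalling (SIP INVITE / 200 OK in the text) carries credential identifiers
        # only; the session identifier is added to the response solely on a credential match.
        response = {"fingerprint": self.credential_id}
        session_id = self.sessions.get(request.get("fingerprint"))
        if session_id is not None:
            response["session_id"] = session_id
        return response


class Client:
    """Client terminal: binds the server's credential identifier to the stored session
    identifier and picks the handshake type from the setup response."""

    def __init__(self, credential_id: str):
        self.credential_id = credential_id
        self.sessions = {}  # server credential identifier -> session identifier

    def remember_first_session(self, server_credential_id: str, session_id: str) -> None:
        self.sessions[server_credential_id] = session_id

    def choose_handshake(self, response: dict) -> str:
        # Abbreviated handshake only if the responding server is one we hold a session with
        # AND the session identifier it returned equals the stored one; otherwise full.
        stored = self.sessions.get(response.get("fingerprint"))
        received = response.get("session_id")
        if stored is not None and received is not None and hmac.compare_digest(stored, received):
            return "abbreviated"
        return "full"


def run_scenario(kind: str) -> str:
    """kind: 'direct' (certificates), 'psk' (pre-shared key identities), 'gateway' (an
    intermediate node replaces both fingerprints with its own) or 'stranger' (a peer that
    never completed a first session). Returns the handshake the client initiates."""
    if kind == "psk":
        server = Server(psk_identifier(b"pbx-server-01"))
        client = Client(psk_identifier(b"handset-42"))
    else:
        server = Server(cert_fingerprint(b"constructed server certificate DER"))
        client = Client(cert_fingerprint(b"constructed client certificate DER"))

    # First secure session: both sides store the session identifier under the peer's credential.
    session_id = server.complete_first_session(client.credential_id)
    client.remember_first_session(server.credential_id, session_id)

    if kind == "gateway":
        gateway_id = cert_fingerprint(b"constructed media gateway certificate DER")
        # Towards the server the gateway appears as the client, towards the client as the server.
        response = server.handle_setup_request({"fingerprint": gateway_id})
        response["fingerprint"] = gateway_id
    elif kind == "stranger":
        client = Client(cert_fingerprint(b"constructed stranger certificate DER"))
        response = server.handle_setup_request({"fingerprint": client.credential_id})
    else:
        response = server.handle_setup_request({"fingerprint": client.credential_id})
    return client.choose_handshake(response)


if __name__ == "__main__":
    for kind in ("direct", "psk", "gateway", "stranger"):
        print(f"{kind:9s} -> {run_scenario(kind)} handshake")
```

Running the module prints the handshake chosen for each scenario. The gateway scenario ends in a full handshake for the reason the text gives: the fingerprint the client sees belongs to the gateway, not to the server it holds a session with, and the server likewise sees a fingerprint it has no session identifier for, so neither side has a basis for resumption and two separate TLS connections are set up. The session identifier comparison uses hmac.compare_digest; the patent does not prescribe a comparison method, so the constant-time check is an addition here, not a requirement of the text.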

FIG. 9 is a system diagram illustrating an exemplary communication network 90, an exemplary client terminal 50, 51 and an exemplary server terminal 60 according to this disclosure. The communication network 90 comprises an intermediate node 70. According to some aspects of this disclosure, the communication network 90 comprises a wired communication network and/or a wireless communication network. A wired communication network comprises e.g. an Internet protocol-based communication network, a fiber-optic communication network, a telephone network, or a cable network. A wireless communication network comprises e.g. a 3GPP Long Term Evolution, LTE, system, wideband code division multiple access, WCDMA, WiMax, a wireless local area network, WLAN, or a short range communication network.

It should be appreciated that FIGS. 1-4 comprise some operations which are illustrated with a darker border and some operations which are illustrated with a dashed border. The operations which are comprised in a darker border are operations which are comprised in the broadest example embodiment. The operations which are comprised in a dashed border are example embodiments which may be comprised in, or a part of, or are further operations which may be taken in addition to the operations of the broadest example embodiment. It should be appreciated that these operations need not be performed in order. Furthermore, it should be appreciated that not all of the operations need to be performed. The example operations may be performed in any order and in any combination.

It should be appreciated that the example operations of FIG. 1 through 4 may be performed simultaneously for any number of terminals in the communication network.

Aspects of the disclosure are described with reference to the drawings, e.g., block diagrams and/or flowcharts. It is understood that several entities in the drawings, e.g., blocks of the block diagrams, and also combinations of entities in the drawings, can be implemented by computer program instructions, which instructions can be stored in a computer-readable memory, and also loaded onto a computer or other programmable data processing apparatus. Such computer program instructions can be provided to a processor of a general purpose computer, a special purpose computer and/or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer and/or other programmable data processing apparatus, create means for implementing the functions/acts specified in the block diagrams and/or flowchart block or blocks.

In some implementations and according to some aspects of the disclosure, the functions or steps noted in the blocks can occur out of the order noted in the operational illustrations. For example, two blocks shown in succession can in fact be executed substantially concurrently or the blocks can sometimes be executed in the reverse order, depending upon the functionality/acts involved. Also, the functions or steps noted in the blocks can according to some aspects of the disclosure be executed continuously in a loop.

In the drawings and specification, there have been disclosed exemplary aspects of the disclosure. However, many variations and modifications can be made to these aspects without substantially departing from the principles of the present disclosure. Thus, the disclosure should be regarded as illustrative rather than restrictive, and not as being limited to the particular aspects discussed above. Accordingly, although specific terms are employed, they are used in a generic and descriptive sense only and not for purposes of limitation.

The description of the example embodiments provided herein has been presented for purposes of illustration. The description is not intended to be exhaustive or to limit example embodiments to the precise form disclosed, and modifications and variations are possible in light of the above teachings or may be acquired from practice of various alternatives to the provided embodiments. The examples discussed herein were chosen and described in order to explain the principles and the nature of various example embodiments and their practical application to enable one skilled in the art to utilize the example embodiments in various manners and with various modifications as are suited to the particular use contemplated. The features of the embodiments described herein may be combined in all possible combinations of methods, apparatus, modules, systems, and computer program products. It should be appreciated that the example embodiments presented herein may be practiced in any combination with each other.

It should be noted that the word “comprising” does not necessarily exclude the presence of other elements or steps than those listed and the words “a” or “an” preceding an element do not exclude the presence of a plurality of such elements. It should further be noted that any reference signs do not limit the scope of the claims, that the example embodiments may be implemented at least in part by means of both hardware and software, and that several “means”, “units” or “devices” may be represented by the same item of hardware.

Although the description is mainly given for a terminal, it should be understood by those skilled in the art that “user equipment” is a non-limiting term which means any device, user equipment, or node capable of receiving and transmitting (e.g. PDA, laptop, mobile, sensor, fixed relay, mobile relay or even a radio base station, e.g. femto base station).

The various example embodiments described herein are described in the general context of method steps or processes, which may be implemented in one aspect by a computer program product, embodied in a computer-readable medium, including computer-executable instructions, such as program code, executed by computers in networked environments. A computer-readable medium may include removable and non-removable storage devices including, but not limited to, Read Only Memory (ROM), Random Access Memory (RAM), compact discs (CDs), digital versatile discs (DVD), etc. Generally, program modules may include routines, programs, objects, components, data structures, etc. that perform particular tasks or implement particular abstract data types. Computer-executable instructions, associated data structures, and program modules represent examples of program code for executing steps of the methods disclosed herein. The particular sequence of such executable instructions or associated data structures represents examples of corresponding acts for implementing the functions described in such steps or processes.

In the drawings and specification, there have been disclosed exemplary embodiments. However, many variations and modifications can be made to these embodiments. Accordingly, although specific terms are employed, they are used in a generic and descriptive sense only and not for purposes of limitation, the scope of the embodiments being defined by the following claims.

The invention claimed is:
 1. A method for enabling an establishment of a second secure session over a communication network, the second secure session being additional to a first secure session, the first secure session being established using a session establishment protocol and a transport security protocol, the method comprising: a first terminal obtaining a session identifier of the first secure session; the first terminal obtaining a credential identifier that is separate and distinct from the session identifier, the credential identifier identifying a second terminal of the first secure session; the first terminal associating the credential identifier with the session identifier of the first secure session; the first terminal storing the session identifier and the credential identifier associated with the session identifier of the first secure session; the first terminal receiving a message requesting the establishment of the second secure session, wherein the message contains a credential identifier and the message requesting the establishment of the second secure session was transmitted by the second terminal; the first terminal obtaining the credential identifier contained within the received message; the first terminal determining whether the credential identifier obtained from the received message matches the credential identifier associated with the session identifier; and as a result of determining that the obtained credential identifier matches the credential identifier associated with the session identifier, the first terminal using the session identifier to initiate the establishment of the second secure session in an abbreviated establishment procedure of the transport security protocol.
 2. The method of claim 1, wherein the first terminal is a server terminal and the second terminal is a client terminal.
 3. The method of claim 1, wherein the credential identifier comprises a certificate fingerprint, a certificate, and/or an identifier of a pre-shared key.
 4. The method of claim 1, wherein enabling the establishment of the second secure session comprises enabling a resumption of the first secure session, and/or enabling a duplication of the first secure session.
 5. The method of claim 1, wherein the transport security protocol comprises a transport layer security (TLS) protocol, a secure sockets layer (SSL) protocol, a datagram transport layer security (DTLS) protocol, and/or a datagram transport layer security protocol with an extension for secure real-time transport protocol (DTLS-SRTP).
 6. The method of claim 1, wherein the session establishment protocol comprises a session initiation protocol (SIP), and/or an extensible messaging and presence protocol (XMPP).
 7. The method of claim 1, wherein the communication network comprises a wired communication network, and/or a wireless communication network.
 8. A computer program product comprising a non-transitory computer readable medium storing a computer program, comprising computer readable code which, when run on a processing means of a terminal, causes the terminal to perform the method as claimed in claim 1.
 9. A method for enabling an establishment of a second secure session over a communication network, the second secure session being additional to a first secure session, the first secure session being established between a client and a server using a session establishment protocol and a transport security protocol, the method comprising: the client triggering the server to transmit to the client a session identifier as a result of the server determining that a credential identifying the client matches a stored credential, wherein the session identifier is associated with the first secure session and wherein triggering the server comprises the client sending to the server a request message requesting or accepting the establishment of the second secure session, wherein the request message contains the credential identifying the client but does not contain the session identifier; the client receiving from the server a response message transmitted by the server in response to the request message, wherein the response message comprises the session identifier; the client determining if the received session identifier matches a stored session identifier of the first secure session; and the client performing one of the following initiating steps: i) initiating the establishment of the second secure session using the received session identifier in an abbreviated establishment procedure of the transport security protocol as a result of determining that the received session identifier matches the stored session identifier of the first secure session; and ii) initiating the establishment of the second secure session using a full establishment procedure of the transport security protocol, as a result of determining that the received session identifier does not match the stored session identifier of the first secure session.
 10. The method of claim 9, further comprising: receiving from the client the request message requesting or accepting the establishment of the second secure session; obtaining the credential identifier from the received message; determining whether the obtained credential identifier matches a credential identifier associated with the session identifier of the first secure session; retrieving the session identifier of the first secure session, when it is determined that the obtained credential identifier matches the credential identifier associated with the session identifier of the first secure session; and sending to the client the retrieved session identifier of the first secure session, when it is determined that the obtained credential identifier matches the credential identifier associated with the session identifier of the first session.
 11. The method of claim 10, wherein sending to the client the retrieved session identifier of the first secure session comprises sending to the client the retrieved session identifier in the response message.
 12. An apparatus for enabling an establishment of a second secure session over a communication network, the second secure session being additional to a first secure session, the first secure session being established using a session establishment protocol and a transport security protocol, the apparatus comprising: a memory; and a processor, wherein the apparatus is configured to: obtain a session identifier of the first secure session; obtain a credential identifier that is separate and distinct from the session identifier, the credential identifier identifying a second terminal of the first secure session; associate the credential identifier with the session identifier of the first secure session; store the session identifier and the credential identifier associated with the session identifier of the first secure session; receive a message transmitted by the second terminal, the message requesting the establishment of the second secure session, wherein the message contains a credential identifier; obtain the credential identifier contained within the received message; determine whether the credential identifier obtained from the received message matches the credential identifier associated with the session identifier; and as a result of determining that the obtained credential identifier matches the credential identifier associated with the session identifier, use the session identifier to initiate the establishment of the second secure session in an abbreviated establishment procedure of the transport security protocol.
 13. The apparatus of claim 12, wherein the memory contains instructions executable by the processor.
 14. The apparatus of claim 12, wherein the apparatus is further configured to send to the terminal the retrieved session identifier of the first secure session as a result of determining that the obtained credential identifier matches the credential identifier associated with the session identifier of the first secure session.
 15. A terminal configured to act as a client terminal for enabling an establishment of a second secure session over a communication network, the second secure session being additional to a first secure session, the first secure session being established using a session establishment protocol and a transport security protocol, the terminal comprising: a memory; and a processor, wherein the terminal is configured to: trigger the server to transmit to the client a session identifier as a result of the server determining that a credential identifying the client matches a stored credential, wherein the session identifier is associated with the first secure session and wherein triggering the server comprises the client sending to the server a request message requesting or accepting the establishment of the second secure session, wherein the request message contains the credential identifying the client but does not contain the session identifier; receive from the server a response message transmitted by the server in response to the request message, wherein the response message comprises the session identifier; determine if the received session identifier matches a stored session identifier of the first secure session; and perform one of the following initiating steps: i) initiating the establishment of the second secure session using the received session identifier in an abbreviated establishment procedure of the transport security protocol as a result of determining that the received session identifier matches the stored session identifier of the first secure session; and ii) initiating the establishment of the second secure session using a full establishment procedure of the transport security protocol, as a result of determining that the received session identifier does not match the stored session identifier of the first secure session.